tls1.2: update ciphers to latest recommendations
Based upon usual recommendations from: https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/ Change-Id: Ia17660eb19cb2ad15f8d511cad2fce95f39b706b
This commit is contained in:
parent
93b35e0b68
commit
e9989ed74b
@ -18,7 +18,7 @@
|
|||||||
# services running behind Apache (currently, Horizon and Keystone).
|
# services running behind Apache (currently, Horizon and Keystone).
|
||||||
ssl_protocol: "ALL -SSLv2 -SSLv3 -TLSv1 -TLSv1.1"
|
ssl_protocol: "ALL -SSLv2 -SSLv3 -TLSv1 -TLSv1.1"
|
||||||
# Cipher suite string from https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/
|
# Cipher suite string from https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/
|
||||||
ssl_cipher_suite_tls12: "{{ ssl_cipher_suite | default('ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS') }}"
|
ssl_cipher_suite_tls12: "{{ ssl_cipher_suite | default('ECDH+AESGCM:ECDH+CHACHA20:ECDH+AES256:ECDH+AES128:!aNULL:!SHA1:!AESCCM') }}"
|
||||||
ssl_cipher_suite_tls13: "TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256"
|
ssl_cipher_suite_tls13: "TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256"
|
||||||
|
|
||||||
#variables used in OSA roles which call the PKI role
|
#variables used in OSA roles which call the PKI role
|
||||||
|
Loading…
Reference in New Issue
Block a user