Disable tls1.0 support
Bug #1656466 reported by
Vlad Naboichenko
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Fuel for OpenStack |
Invalid
|
Medium
|
Fuel Sustaining | ||
Mitaka |
Invalid
|
Medium
|
Fuel Sustaining | ||
Newton |
Invalid
|
Medium
|
Fuel Sustaining |
Bug Description
Due to security vulnerabilities it would be nice to disable tls1.0 in nginx on fuel master and in haproxy for openstack services.
description: | updated |
summary: |
- Disable ssl3, tls1.0 support + Disable tls1.0 support |
Changed in fuel: | |
importance: | Undecided → Medium |
milestone: | none → 9.3 |
assignee: | nobody → Fuel Sustaining (fuel-sustaining-team) |
tags: | added: area-library |
Changed in fuel: | |
milestone: | 9.x-updates → 11.0 |
status: | New → Confirmed |
To post a comment you must log in.
You can't do this in reasonable amount of time because of limitation in clients written in Ruby and Python, especially Ruby one, as proper support of TLS in that language starts from 2.1 version. So I believe we should not disable TLS 1.0 as it provides good enough security with proper ciphersuites enabled.