commit a5561f0a1d48ff3364f6e1785000dd454bd57057
Author: Juan Antonio Osorio Robles <email address hidden>
Date: Thu Apr 19 07:53:01 2018 +0000
Force stunnel to use TLSv1.2
This allows us to force a TLS version for stunnel, which we
set to TLSv1.2. This ensures that we're compliant with FedRamp,
which requires a minimum version of TLSv1.1.
Unfortunately, using the "option" key didn't work in the configuration
as was tried in a previous commit. This option would have only only
disabled the versions we set, instead of only allowing one, like
"sslVersions" does. This seems to be the only alternative we have at
the moment.
Reviewed: https:/ /review. openstack. org/562512 /git.openstack. org/cgit/ openstack/ puppet- tripleo/ commit/ ?id=a5561f0a1d4 8ff3364f6e17850 00dd454bd57057
Committed: https:/
Submitter: Zuul
Branch: master
commit a5561f0a1d48ff3 364f6e1785000dd 454bd57057
Author: Juan Antonio Osorio Robles <email address hidden>
Date: Thu Apr 19 07:53:01 2018 +0000
Force stunnel to use TLSv1.2
This allows us to force a TLS version for stunnel, which we
set to TLSv1.2. This ensures that we're compliant with FedRamp,
which requires a minimum version of TLSv1.1.
Unfortunately, using the "option" key didn't work in the configuration
as was tried in a previous commit. This option would have only only
disabled the versions we set, instead of only allowing one, like
"sslVersions" does. This seems to be the only alternative we have at
the moment.
Related-Bug: #1754368 65269704e23f65a a0460724078
Change-Id: I353f893ee5dcc2