commit 5b8e3e121b3f6cdfcc3c95fdc06ab41384b55a2c
Author: Juan Antonio Osorio Robles <email address hidden>
Date: Thu Apr 19 07:53:01 2018 +0000
Force stunnel to use TLSv1.2
This allows us to force a TLS version for stunnel, which we
set to TLSv1.2. This ensures that we're compliant with FedRamp,
which requires a minimum version of TLSv1.1.
Unfortunately, using the "option" key didn't work in the configuration
as was tried in a previous commit. This option would have only only
disabled the versions we set, instead of only allowing one, like
"sslVersions" does. This seems to be the only alternative we have at
the moment.
Related-Bug: #1754368
Change-Id: I353f893ee5dcc265269704e23f65aa0460724078
(cherry picked from commit a5561f0a1d48ff3364f6e1785000dd454bd57057)
Reviewed: https:/ /review. openstack. org/562960 /git.openstack. org/cgit/ openstack/ puppet- tripleo/ commit/ ?id=5b8e3e121b3 f6cdfcc3c95fdc0 6ab41384b55a2c
Committed: https:/
Submitter: Zuul
Branch: stable/queens
commit 5b8e3e121b3f6cd fcc3c95fdc06ab4 1384b55a2c
Author: Juan Antonio Osorio Robles <email address hidden>
Date: Thu Apr 19 07:53:01 2018 +0000
Force stunnel to use TLSv1.2
This allows us to force a TLS version for stunnel, which we
set to TLSv1.2. This ensures that we're compliant with FedRamp,
which requires a minimum version of TLSv1.1.
Unfortunately, using the "option" key didn't work in the configuration
as was tried in a previous commit. This option would have only only
disabled the versions we set, instead of only allowing one, like
"sslVersions" does. This seems to be the only alternative we have at
the moment.
Related-Bug: #1754368 65269704e23f65a a0460724078 364f6e1785000dd 454bd57057)
Change-Id: I353f893ee5dcc2
(cherry picked from commit a5561f0a1d48ff3