Gitiles
Code Review Sign In
spfactory.storpool.com / devstack / b52dceee7bbaaf233282c044a5dbaba297a387cd^1..b52dceee7bbaaf233282c044a5dbaba297a387cd / .
commitb52dceee7bbaaf233282c044a5dbaba297a387cd[log] [tgz]
authorZuul <zuul@review.opendev.org>Fri Jul 21 16:37:18 2023 +0000
committerGerrit Code Review <review@openstack.org>Fri Jul 21 16:37:18 2023 +0000
tree4742fac36a96951aa2e72b0299d64b1943601651
parent9845128969b65711910a76da28a7007f59027617 [diff]
parentdc01a8ab63aff1be170fb59c293ed4bddd03749a [diff]
Merge "Switch TLS tests to TLSv1.2+ only"
diff --git a/files/apache-keystone.template b/files/apache-keystone.template
index 1a353e5..d99e8e6 100644
--- a/files/apache-keystone.template
+++ b/files/apache-keystone.template

@@ -23,6 +23,7 @@
 %SSLLISTEN%    %SSLENGINE%
 %SSLLISTEN%    %SSLCERTFILE%
 %SSLLISTEN%    %SSLKEYFILE%
+%SSLLISTEN%    SSLProtocol -all +TLSv1.3 +TLSv1.2
 %SSLLISTEN%</VirtualHost>
 
 Alias /identity %KEYSTONE_BIN%/keystone-wsgi-public

diff --git a/files/apache-neutron.template b/files/apache-neutron.template
index c7796b9..358e87f 100644
--- a/files/apache-neutron.template
+++ b/files/apache-neutron.template

@@ -24,6 +24,7 @@
 %SSLLISTEN%    %SSLENGINE%
 %SSLLISTEN%    %SSLCERTFILE%
 %SSLLISTEN%    %SSLKEYFILE%
+%SSLLISTEN%    SSLProtocol -all +TLSv1.3 +TLSv1.2
 %SSLLISTEN%</VirtualHost>
 
 Alias /networking %NEUTRON_BIN%/neutron-api

diff --git a/lib/tls b/lib/tls
index e0c7500..a1e162d 100644
--- a/lib/tls
+++ b/lib/tls

@@ -527,6 +527,7 @@
 <VirtualHost $f_host:$f_port>
     SSLEngine On
     SSLCertificateFile $DEVSTACK_CERT
+    SSLProtocol -all +TLSv1.3 +TLSv1.2
 
     # Disable KeepAlive to fix bug #1630664 a.k.a the
     # ('Connection aborted.', BadStatusLine("''",)) error