Switch TLS tests to TLSv1.2+ only This would more likely match a relevant production deployment. Change-Id: I4ee2ff0c00a8e33fd069a782b32eed5fef62c01b

commit: dc01a8ab63aff1be170fb59c293ed4bddd03749a [log] [tgz]
author: Dirk Mueller <dirk@dmllr.de> Sun Jul 14 22:33:13 2019 +0200
committer: Dirk Mueller <dirk@dmllr.de> Sun Jul 14 22:33:45 2019 +0200
tree: 3166201ac91c29f0b13f6e3d8c617750d3fdb7fd
parent: 46f05ea2372d1cfa799d850d5e5aea37dea135d3 [diff]
diff --git a/files/apache-keystone.template b/files/apache-keystone.template
index 1284360..480fe06 100644
--- a/files/apache-keystone.template
+++ b/files/apache-keystone.template

@@ -38,6 +38,7 @@
 %SSLLISTEN%    %SSLENGINE%
 %SSLLISTEN%    %SSLCERTFILE%
 %SSLLISTEN%    %SSLKEYFILE%
+%SSLLISTEN%    SSLProtocol -all +TLSv1.3 +TLSv1.2
 %SSLLISTEN%</VirtualHost>
 
 Alias /identity %KEYSTONE_BIN%/keystone-wsgi-public

diff --git a/files/apache-neutron.template b/files/apache-neutron.template
index c7796b9..358e87f 100644
--- a/files/apache-neutron.template
+++ b/files/apache-neutron.template

@@ -24,6 +24,7 @@
 %SSLLISTEN%    %SSLENGINE%
 %SSLLISTEN%    %SSLCERTFILE%
 %SSLLISTEN%    %SSLKEYFILE%
+%SSLLISTEN%    SSLProtocol -all +TLSv1.3 +TLSv1.2
 %SSLLISTEN%</VirtualHost>
 
 Alias /networking %NEUTRON_BIN%/neutron-api

diff --git a/lib/tls b/lib/tls
index 0032449..6f2a65a 100644
--- a/lib/tls
+++ b/lib/tls

@@ -536,6 +536,7 @@
 <VirtualHost $f_host:$f_port>
     SSLEngine On
     SSLCertificateFile $DEVSTACK_CERT
+    SSLProtocol -all +TLSv1.3 +TLSv1.2
 
     # Disable KeepAlive to fix bug #1630664 a.k.a the
     # ('Connection aborted.', BadStatusLine("''",)) error
commit	dc01a8ab63aff1be170fb59c293ed4bddd03749a	[log] [tgz]
author	Dirk Mueller <dirk@dmllr.de>	Sun Jul 14 22:33:13 2019 +0200
committer	Dirk Mueller <dirk@dmllr.de>	Sun Jul 14 22:33:45 2019 +0200
tree	3166201ac91c29f0b13f6e3d8c617750d3fdb7fd
parent	46f05ea2372d1cfa799d850d5e5aea37dea135d3 [diff]