Merge "Switch TLS tests to TLSv1.2+ only"

openstack · Jul 21, 2023 · b52dcee · b52dcee
2 parents 9845128 + dc01a8a
commit b52dcee
Show file tree

Hide file tree

Showing 3 changed files with 3 additions and 0 deletions.
diff --git a/files/apache-keystone.template b/files/apache-keystone.template
@@ -23,6 +23,7 @@ LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\" %D(us)"
 %SSLLISTEN%    %SSLENGINE%
 %SSLLISTEN%    %SSLCERTFILE%
 %SSLLISTEN%    %SSLKEYFILE%
+%SSLLISTEN%    SSLProtocol -all +TLSv1.3 +TLSv1.2
 %SSLLISTEN%</VirtualHost>
 
 Alias /identity %KEYSTONE_BIN%/keystone-wsgi-public

diff --git a/files/apache-neutron.template b/files/apache-neutron.template
@@ -24,6 +24,7 @@ LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\" %D(us)"
 %SSLLISTEN%    %SSLENGINE%
 %SSLLISTEN%    %SSLCERTFILE%
 %SSLLISTEN%    %SSLKEYFILE%
+%SSLLISTEN%    SSLProtocol -all +TLSv1.3 +TLSv1.2
 %SSLLISTEN%</VirtualHost>
 
 Alias /networking %NEUTRON_BIN%/neutron-api

diff --git a/lib/tls b/lib/tls
@@ -527,6 +527,7 @@ $listen_string
 <VirtualHost $f_host:$f_port>
     SSLEngine On
     SSLCertificateFile $DEVSTACK_CERT
+    SSLProtocol -all +TLSv1.3 +TLSv1.2
 
     # Disable KeepAlive to fix bug #1630664 a.k.a the
     # ('Connection aborted.', BadStatusLine("''",)) error