-
Sven Kieske authored
harden the TLS default config according to the mozilla "modern" recommendation: https://ssl-config.mozilla.org/#server=haproxy&version=2.1&config=modern&openssl=1.1.1k&guideline=5.7 if you want to revert to the old settings, set: kolla_haproxy_ssl_settings: "legacy" in globals.yaml alternatively you can also set it to "intermediate" for a middle ground between security and accessibility. this also adjusts the glance and neutron tls proxy ssl settings in their dedicated haproxy config templates to use the same mechanism. also add some haproxy related docs to the TLS guide and cross reference it from the haproxy-guide. Closes-Bug: #2060787 Signed-off-by:
Sven Kieske <kieske@osism.tech> Change-Id: I311c374b34f22c78cc5bcf91e5ce3924c62568b6
Sven Kieske authoredharden the TLS default config according to the mozilla "modern" recommendation: https://ssl-config.mozilla.org/#server=haproxy&version=2.1&config=modern&openssl=1.1.1k&guideline=5.7 if you want to revert to the old settings, set: kolla_haproxy_ssl_settings: "legacy" in globals.yaml alternatively you can also set it to "intermediate" for a middle ground between security and accessibility. this also adjusts the glance and neutron tls proxy ssl settings in their dedicated haproxy config templates to use the same mechanism. also add some haproxy related docs to the TLS guide and cross reference it from the haproxy-guide. Closes-Bug: #2060787 Signed-off-by:
