How to secure SSL/TLS configuration of Red Hat OpenStack Platform against DROWN and Poodle Attack

Solution In Progress - Updated -


Note: For later versions of OSP, see the documentation. E.g., for OSP 13, refer to:

A verification via an SSL analyzer (e.g. ssllabs ) of horizon and swift endpoints receives classification F due the fact that the SSL/TLS configuration is vulnerable for Poodle and DROWN attack. How can one fix that?

Some of the error message that one might see in addition to poodle:

 - DROWN attack (Experimental: This server is vulnerable to the DROWN attack. Grade set to F.) *
 - Weak Diffie-Hellman *
 - This server accepts RC4 cipher, but only with older protocol versions *
 - This server's certificate chain is incomplete *


Red Hat Enterprise Linux OpenStack Platform 7.0
Red Hat OpenStack Platform 8.0

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In