How to secure SSL/TLS configuration of Red Hat OpenStack Platform against DROWN and Poodle Attack
Issue
A verification via an SSL analyzer (e.g. ssllabs ) of horizon and swift endpoints receives classification F due the fact that the SSL/TLS configuration is vulnerable for Poodle and DROWN attack. How can one fix that?
Some of the error message that one might see in addition to poodle:
- DROWN attack (Experimental: This server is vulnerable to the DROWN attack. Grade set to F.) *
- Weak Diffie-Hellman *
- This server accepts RC4 cipher, but only with older protocol versions *
- This server's certificate chain is incomplete *
Environment
Red Hat Enterprise Linux OpenStack Platform 7.0
Red Hat OpenStack Platform 8.0
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase of over 48,000 articles and solutions.
Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.
