How to secure SSL/TLS configuration of Red Hat OpenStack Platform against DROWN and Poodle Attack

Solution In Progress - Updated -

Issue

A verification via an SSL analyzer (e.g. ssllabs ) of horizon and swift endpoints receives classification F due the fact that the SSL/TLS configuration is vulnerable for Poodle and DROWN attack. How can one fix that?

Some of the error message that one might see in addition to poodle:

 - DROWN attack (Experimental: This server is vulnerable to the DROWN attack. Grade set to F.) *
 - Weak Diffie-Hellman *
 - This server accepts RC4 cipher, but only with older protocol versions *
 - This server's certificate chain is incomplete *

Environment

Red Hat Enterprise Linux OpenStack Platform 7.0
Red Hat OpenStack Platform 8.0

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase of over 48,000 articles and solutions.

Current Customers and Partners

Log in for full access

Log In
Close

Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.