Note: For later versions of OSP, see the documentation. E.g., for OSP 13, refer to: https://access.redhat.com/documentation/en-us/red_hat_openstack_platform/13/html-single/advanced_overcloud_customization/index#changing_the_ssl_tls_cipher_and_rules_for_haproxy
A verification via an SSL analyzer (e.g. ssllabs ) of horizon and swift endpoints receives classification F due the fact that the SSL/TLS configuration is vulnerable for Poodle and DROWN attack. How can one fix that?
Some of the error message that one might see in addition to poodle:
- DROWN attack (Experimental: This server is vulnerable to the DROWN attack. Grade set to F.) * - Weak Diffie-Hellman * - This server accepts RC4 cipher, but only with older protocol versions * - This server's certificate chain is incomplete *
Red Hat Enterprise Linux OpenStack Platform 7.0
Red Hat OpenStack Platform 8.0
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase of over 48,000 articles and solutions.