OpenStack Controllers have vulnerability SSL Medium Strength Cipher Suites Supported (SWEET32)

Solution In Progress - Updated -


  • Our InfoSec team is requesting to remove the Medium Strength Ciphers

  • We're trying to set :

    tripleo::haproxy::ssl_cipher_suite: '!SSLv2:kEECDH:kRSA:kEDH:kPSK:!3DES:!aNULL:!eNULL:!MD5:!EXP:!RC4:!SEED:!IDEA:!DES'

but we always see the default value in /etc/haproxy/haproxy.cfg:



  • Red Hat OpenStack Platform 10.0 (RHOSP)

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase of over 48,000 articles and solutions.

Current Customers and Partners

Log in for full access

Log In