OpenStack Controllers have vulnerability SSL Medium Strength Cipher Suites Supported (SWEET32)
Issue
-
Our InfoSec team is requesting to remove the Medium Strength Ciphers
-
We're trying to set :
controllerExtraConfig:
tripleo::haproxy::ssl_cipher_suite: '!SSLv2:kEECDH:kRSA:kEDH:kPSK:!3DES:!aNULL:!eNULL:!MD5:!EXP:!RC4:!SEED:!IDEA:!DES'
but we always see the default value in /etc/haproxy/haproxy.cfg
:
!SSLv2:kEECDH:kRSA:kEDH:kPSK:+3DES:!aNULL:!eNULL:!MD5:!EXP:!RC4:!SEED:!IDEA:!DES
Environment
- Red Hat OpenStack Platform 10.0 (RHOSP)
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.