openstack-ansible-haproxy_server/tls_variables-91160d4e38085de4.yaml at eaa81c11fcc506710f7c9f686b1d9852399785b2 - openstack-ansible-haproxy_server - OpenDev: Free Software Needs Free Tools

openstack/openstack-ansible-haproxy_server

Files

Andrew Bonney 0aeaeb590a Adjust default configuration to support TLS v1.3

This adds TLS v1.3 support to the HAProxy role by default, along
with a new variable to manage cipher suites.

The old variable for TLS v1.2 and below ciphers is renamed for
consistency, but is still supported as a default where overridden
by deployments.

Depends-On: https://review.opendev.org/c/openstack/openstack-ansible/+/823943
Change-Id: Iaf9709ac5f5ac8db281a9ec7278cef274186ba15

2022-01-10 08:57:40 +00:00

10 lines

308 B

YAML

Raw Blame History

 ---
 features:
   - |
     The HAProxy role now supports TLS v1.3 by default, alongside TLS v1.2.
 deprecations:
   - |
     The variable 'haproxy_ssl_cipher_suite' is deprecated in favour of
     'haproxy_ssl_cipher_suite_tls12' which will continue to manage
     configuration of ciphers for TLS v1.2 and earlier.