Switch to TLSv1 as SSLv3 is considered insecure and is disabled by default
authorLukas Bezdicka <lbezdick@redhat.com>
Fri, 2 Jan 2015 19:04:10 +0000 (20:04 +0100)
committerGael Chamoulaud <gchamoul@redhat.com>
Wed, 25 Mar 2015 10:32:24 +0000 (10:32 +0000)
Rabbitmq won't talk to us anymore if we try to use SSLv3 as it disabled
support for SSLv3. Openstack components use python's openssl
implementation which does not support TLSv1.1 and TLSv1.2 yet so we
just switch to TLSv1. Support for newer TLS should come with python
2.7.9+

Closes-Bug: #1409667
Change-Id: I00cfa06030b84ae23cb8548b74cf5684562377aa
(cherry picked from commit 90247cf8cd0eac760d5b8eb986ceacf0db3fcc7f)

manifests/init.pp
spec/classes/ceilometer_init_spec.rb

index c5bd7f57c60d3aef0b87542f211ea314561e00c8..87302fa12d301d47c0e725740bc6d89c325f12ec 100644 (file)
@@ -53,7 +53,7 @@
 #    (optional) SSL version to use (valid only if SSL enabled).
 #    Valid values are TLSv1, SSLv23 and SSLv3. SSLv2 may be
 #    available on some distributions.
-#    Defaults to 'SSLv3'
+#    Defaults to 'TLSv1'
 #
 # [*qpid_hostname*]
 # [*qpid_port*]
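Review bot: The documentation for `kombu_ssl_version` still lists SSLv3, and mentions SSLv2, as valid values with no caveat, although the commit message says RabbitMQ has disabled SSLv3. An operator who overrides the default from this text can be led back to a protocol that is both insecure and likely to fail the handshake. I would add a line after the list of values, for example `#    SSLv2 and SSLv3 are insecure and may be refused by the broker; prefer TLSv1.` The comment block begins above the hunk, so the parameter name itself is not visible here.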
@@ -91,7 +91,7 @@ class ceilometer(
   $kombu_ssl_ca_certs  = undef,
   $kombu_ssl_certfile  = undef,
   $kombu_ssl_keyfile   = undef,
-  $kombu_ssl_version   = 'SSLv3',
+  $kombu_ssl_version   = 'TLSv1',
   $qpid_hostname = 'localhost',
   $qpid_port = 5672,
   $qpid_username = 'guest',
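Review bot: The new default `'TLSv1'` appears to select TLS 1.0 as a fixed protocol version rather than a minimum, so the connection would not move to TLS 1.1/1.2 by itself once the Python runtime supports them (the commit message expects that with Python 2.7.9+). A short comment in the parameter documentation would keep this from being forgotten, e.g. `#    TLSv1 is the newest version the current Python ssl module offers; revisit when TLSv1.1/1.2 become selectable.` The hunk does not show whether `$kombu_ssl_version` is validated before it is written to the config. If it is not, a check against an allow-list of protocol names in the class body would catch typos and deprecated values early. The class body continues outside the hunk.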
index 0bcfced443a704beebe349b1c805e332b34eb80a..007386883cd9ca5059bd3c055f766d066fb8c21d 100644 (file)
@@ -245,7 +245,7 @@ describe 'ceilometer' do
       it { should contain_ceilometer_config('DEFAULT/kombu_ssl_ca_certs').with_ensure('absent') }
       it { should contain_ceilometer_config('DEFAULT/kombu_ssl_certfile').with_ensure('absent') }
       it { should contain_ceilometer_config('DEFAULT/kombu_ssl_keyfile').with_ensure('absent') }
-      it { should contain_ceilometer_config('DEFAULT/kombu_ssl_version').with_value('SSLv3') }
+      it { should contain_ceilometer_config('DEFAULT/kombu_ssl_version').with_value('TLSv1') }
     end
 
     context "with SSL wrongly configured" do