]> review.fuel-infra Code Review - puppet-modules/puppet-ceilometer.git/commitdiff
Code Review / puppet-modules / puppet-ceilometer.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | review | tree
raw | patch | inline | side by side (parent: 953ce50)
Switch to TLSv1 as SSLv3 is considered insecure and is disabled by default
authorLukas Bezdicka <lbezdick@redhat.com>
Fri, 2 Jan 2015 19:04:10 +0000 (20:04 +0100)
committerLukas Bezdicka <social@v3.sk>
Tue, 13 Jan 2015 14:23:14 +0000 (14:23 +0000)
Rabbitmq won't talk to us anymore if we try to use SSLv3 as it disabled
support for SSLv3. Openstack components use python's openssl
implementation which does not support TLSv1.1 and TLSv1.2 yet so we
just switch to TLSv1. Support for newer TLS should come with python
2.7.9+

Closes-Bug: #1409667
Change-Id: I00cfa06030b84ae23cb8548b74cf5684562377aa
(cherry picked from commit 90247cf8cd0eac760d5b8eb986ceacf0db3fcc7f)

manifests/init.pp patch | blob | history
spec/classes/ceilometer_init_spec.rb patch | blob | history

diff --git a/manifests/init.pp b/manifests/init.pp
index 66aada3df88aaf4ee850bba5df6ebd98cd1bf094..823fc5b017c58c5c086f90a1b4f0e05112d758f8 100644 (file)
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -53,7 +53,7 @@
 #    (optional) SSL version to use (valid only if SSL enabled).
 #    Valid values are TLSv1, SSLv23 and SSLv3. SSLv2 may be
 #    available on some distributions.
-#    Defaults to 'SSLv3'
+#    Defaults to 'TLSv1'
 #
 # [*qpid_hostname*]
 # [*qpid_port*]
@@ -91,7 +91,7 @@ class ceilometer(
   $kombu_ssl_ca_certs  = undef,
   $kombu_ssl_certfile  = undef,
   $kombu_ssl_keyfile   = undef,
-  $kombu_ssl_version   = 'SSLv3',
+  $kombu_ssl_version   = 'TLSv1',
   $qpid_hostname = 'localhost',
   $qpid_port = 5672,
   $qpid_username = 'guest',
diff --git a/spec/classes/ceilometer_init_spec.rb b/spec/classes/ceilometer_init_spec.rb
index a4b69188a2803a67729e83302df94630015cfe02..1da2e3200f68534e7cd041f3e8f9da32ce27bf6e 100644 (file)
--- a/spec/classes/ceilometer_init_spec.rb
+++ b/spec/classes/ceilometer_init_spec.rb
@@ -252,7 +252,7 @@ describe 'ceilometer' do
       it { should contain_ceilometer_config('DEFAULT/kombu_ssl_ca_certs').with_ensure('absent') }
       it { should contain_ceilometer_config('DEFAULT/kombu_ssl_certfile').with_ensure('absent') }
       it { should contain_ceilometer_config('DEFAULT/kombu_ssl_keyfile').with_ensure('absent') }
-      it { should contain_ceilometer_config('DEFAULT/kombu_ssl_version').with_value('SSLv3') }
+      it { should contain_ceilometer_config('DEFAULT/kombu_ssl_version').with_value('TLSv1') }
     end
 
     context "with SSL wrongly configured" do