Reviewed: https://review.openstack.org/147133 Committed: https://git.openstack.org/cgit/stackforge/os-ansible-deployment/commit/?id=9c7a71bd2b14ad3f5c705a949c03e39f849d8526 Submitter: Jenkins Branch: juno commit 9c7a71bd2b14ad3f5c705a949c03e39f849d8526 Author: Jesse Pretorius <jesse.pretorius at rackspace.co.uk> Date: Mon Dec 22 12:01:14 2014 +0000 Improve Apache SSL configuration This patch implements changes in the SSL configuration to ensure that Horizon is not vulnerable to common SSL and TLS attack vectors. SecurityImpact Change-Id: I2e24ea3b99c7caadfbc8992ac78648cfdc6c301d Closes-Bug: #1404862 (cherry picked from commit b11236a6e25585c49c6bdf7d15eb17542bca0c88) -- You received this bug notification because you are a member of OpenStack Security Group, which is subscribed to OpenStack. https://bugs.launchpad.net/bugs/1404862 Title: Horizon SSL configuration vulnerable Status in Ansible playbooks for deploying OpenStack: Fix Committed Status in openstack-ansible icehouse series: In Progress Status in openstack-ansible juno series: In Progress Bug description: Currently the Apache configuration for Horizon is very simple and therefore vulnerable to various forms of SSL and TLS attack vectors. The Qualys SSL test on the default setup results in a C grading. In order to ensure that best practices are implemented and anyone using os-ansible-deployment has a secure by default setup, this needs to be addressed. To manage notifications about this bug go to: https://bugs.launchpad.net/openstack-ansible/+bug/1404862/+subscriptions