While we use ansible to deploy all configurations (including https vhost and tls settings), we'd like to modernize that through simple snippet that can be coming from ansible inventory and also review some vhost still allowing TLSv1 and TLSv1.1.
Actions plan:
Metadata Update from @arrfab: - Issue assigned to arrfab
Metadata Update from @arrfab: - Issue tagged with: centos-ci-infra, centos-common-infra, high-gain, medium-trouble
All pushed in httpd role and working on roles importing httpd to ensure they'll use the new var/snippet. Already live for www.centos.org : https://www.ssllabs.com/ssltest/analyze.html?d=www.centos.org
Relevant git commit that shows the httpd_tls_ciphers variable that can also be changed through inventory
httpd_tls_ciphers
Metadata Update from @arrfab: - Issue close_status updated to: Fixed with Explanation - Issue status updated to: Closed (was: Open)
Log in to comment on this ticket.