Closed dlehrman closed 3 months ago
Thank you for your contribution!✨
This PR has been merged and the docs are now incorporated into main:
https://ansible-collections.github.io/community.crypto/branch/main
@dlehrman thanks a lot for your contribution!
SUMMARY
Adds an option for TLS/SSL CTX options to the get_certificate module. Accepts both string (e.g. OP_LEGACY_SERVER_CONNECT) and integer (e.g. 4) representations for options as some options can be enabled via integer but not string, depending on the Python and/or OpenSSL/LibreSSL versions.
ISSUE TYPE
COMPONENT NAME
get_certificate
ADDITIONAL INFORMATION
I use Ansible to manage various device types (e.g. PDUs, BMCs, etc.), some of which do not support secure renegotiation. For devices that do not support secure renegotiation, depending on the Ansible controller, the get_certificate module was experiencing an SSL failure, though I could still interact with them using GUI web browsers (Chrome, Firefox).
Without manually enabling OP_LEGACY_SERVER_CONNECT (example endpoint uses 2048-bit cert, TLSv1.2 / AES128-GCM-SHA256, does not support secure renegotiation, cannot be changed):
After manually enabling OP_LEGACY_SERVER_CONNECT:
Relevant task:
Ansible controller properties:
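
An added example, not part of this PR or of the collection's code: one way to accept both the string and the integer form of an option, as the summary describes, and apply the result to an `ssl.SSLContext`. The function names `resolve_ctx_options` and `build_context` are hypothetical, and the input list is constructed.

```python
import ssl


def resolve_ctx_options(options):
    """Combine option names and raw integers into one SSL_CTX options bitmask."""
    mask = 0
    for opt in options:
        if isinstance(opt, bool) or not isinstance(opt, (int, str)):
            raise TypeError(f"option must be a name or an integer: {opt!r}")
        if isinstance(opt, int):
            if opt < 0:
                raise ValueError(f"negative option value: {opt}")
            mask |= opt
            continue
        # Only OP_* constants are accepted, so a name such as "PROTOCOL_TLS"
        # cannot be passed off as an option bit.
        value = getattr(ssl, opt, None) if opt.startswith("OP_") else None
        if not isinstance(value, int):
            # Older Python builds do not export every constant, e.g.
            # ssl.OP_LEGACY_SERVER_CONNECT only exists from Python 3.12 on.
            # The caller can pass the integer (4 in OpenSSL's headers) instead.
            raise ValueError(f"ssl module has no option named {opt!r}")
        mask |= int(value)
    return mask


def build_context(options):
    """Default client context with the requested extra option bits set."""
    ctx = ssl.create_default_context()
    ctx.options |= resolve_ctx_options(options)
    return ctx


if __name__ == "__main__":
    # Constructed input: one option by value, one option by name.
    ctx = build_context([4, "OP_NO_COMPRESSION"])
    print(f"options bitmask: {int(ctx.options):#x}")
```

The extra bits apply only to the context returned by `build_context`, so the relaxed setting stays scoped to the connections made with it.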