rucio / containers

Containers for Rucio
Apache License 2.0

Modify the server default TLS versions #179

Closed bjwhite-fnal closed 2 years ago

bjwhite-fnal commented 2 years ago

Closes #175

rcarpa commented 2 years ago

Sorry, I meant

{% if RUCIO_SSL_PROTOCOL is defined %}
 SSLProtocol {{ RUCIO_SSL_PROTOCOL }}
{% else %}
 SSLProtocol +TLSv1.2
{% endif %}

bjwhite-fnal commented 2 years ago

Good point, that is cleaner.

rcarpa commented 2 years ago

@bjwhite-fnal, on another thought, are you sure that it must be "+TLSv1.2" and not "TLSv1.2"? I have almost no experience with Apache, but the '+' seems like it will add TLS 1.2 to the default list, which will basically result in activating the insecure SSLv3.

Never mind, seems correct after reading the documentation. Sorry for the noise.

bari12 commented 2 years ago

I think it would be better if we wait for 1.28 for this.

bjwhite-fnal commented 2 years ago

I can live without it for a while. I'm still on 1.26 for all my deployments currently anyway.

bari12 commented 2 years ago

👍 I am not sure if this is an issue for anyone, it might not be. But I would rather just change it with a feature release where people are prepared for such a change.