Merge pull request #3599 from martineg/min_tls_version

Merged by openshift-bot
author: OpenShift Bot <dmcphers+openshiftbot@redhat.com> 2017-03-14 12:09:55 -0400
committer: GitHub <noreply@github.com> 2017-03-14 12:09:55 -0400
commit: bc7816e7700cee6b6ab0bca4ebce20d4678ffa3a (patch)
tree: 7f84259c0386f8adfe73462433bb6fe737fd9b7b /inventory
parent: 8eff5bcea9097c239a3dc487289ad23e20e909b7 (diff)
parent: 91065cc31b9025c44c3b4a9cfcddac4711898e82 (diff)
download: openshift-bc7816e7700cee6b6ab0bca4ebce20d4678ffa3a.tar.gz
openshift-bc7816e7700cee6b6ab0bca4ebce20d4678ffa3a.tar.bz2
openshift-bc7816e7700cee6b6ab0bca4ebce20d4678ffa3a.tar.xz
openshift-bc7816e7700cee6b6ab0bca4ebce20d4678ffa3a.zip
2 files changed, 18 insertions, 0 deletions
diff --git a/inventory/byo/hosts.origin.example b/inventory/byo/hosts.origin.example
index b9ffbf120..bb9f4706a 100644
--- a/inventory/byo/hosts.origin.example
+++ b/inventory/byo/hosts.origin.example
@@ -265,6 +265,15 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true',
 # Override master servingInfo.maxRequestsInFlight
 #openshift_master_max_requests_inflight=500
 
+# Override master and node servingInfo.minTLSVersion and .cipherSuites
+# valid TLS versions are VersionTLS10, VersionTLS11, VersionTLS12
+# example cipher suites override, valid cipher suites are https://golang.org/pkg/crypto/tls/#pkg-constants
+#openshift_master_min_tls_version=VersionTLS12
+#openshift_master_cipher_suites=['TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256', '...']
+#
+#openshift_node_min_tls_version=VersionTLS12
+#openshift_node_cipher_suites=['TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256', '...']
+
 # default storage plugin dependencies to install, by default the ceph and
 # glusterfs plugin dependencies will be installed, if available.
 #osn_storage_plugin_deps=['ceph','glusterfs','iscsi']
diff --git a/inventory/byo/hosts.ose.example b/inventory/byo/hosts.ose.example
index 10fc4d6f3..12a1b3991 100644
--- a/inventory/byo/hosts.ose.example
+++ b/inventory/byo/hosts.ose.example
@@ -265,6 +265,15 @@ openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true',
 # Override master servingInfo.maxRequestsInFlight
 #openshift_master_max_requests_inflight=500
 
+# Override master and node servingInfo.minTLSVersion and .cipherSuites
+# valid TLS versions are VersionTLS10, VersionTLS11, VersionTLS12
+# example cipher suites override, valid cipher suites are https://golang.org/pkg/crypto/tls/#pkg-constants
+#openshift_master_min_tls_version=VersionTLS12
+#openshift_master_cipher_suites=['TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256', '...']
+#
+#openshift_node_min_tls_version=VersionTLS12
+#openshift_node_cipher_suites=['TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256', '...']
+
 # default storage plugin dependencies to install, by default the ceph and
 # glusterfs plugin dependencies will be installed, if available.
 #osn_storage_plugin_deps=['ceph','glusterfs']
author	OpenShift Bot <dmcphers+openshiftbot@redhat.com>	2017-03-14 12:09:55 -0400
committer	GitHub <noreply@github.com>	2017-03-14 12:09:55 -0400
commit	bc7816e7700cee6b6ab0bca4ebce20d4678ffa3a (patch)
tree	7f84259c0386f8adfe73462433bb6fe737fd9b7b /inventory
parent	8eff5bcea9097c239a3dc487289ad23e20e909b7 (diff)
parent	91065cc31b9025c44c3b4a9cfcddac4711898e82 (diff)
download	openshift-bc7816e7700cee6b6ab0bca4ebce20d4678ffa3a.tar.gz openshift-bc7816e7700cee6b6ab0bca4ebce20d4678ffa3a.tar.bz2 openshift-bc7816e7700cee6b6ab0bca4ebce20d4678ffa3a.tar.xz openshift-bc7816e7700cee6b6ab0bca4ebce20d4678ffa3a.zip