diff options
author | Christian Pointner <equinox@spreadspace.org> | 2020-08-28 20:09:54 +0200 |
---|---|---|
committer | Christian Pointner <equinox@spreadspace.org> | 2020-08-28 20:44:13 +0200 |
commit | 067a4c2ce844c0bc48f662e336bd2bc4528b34f3 (patch) | |
tree | 88f83bc06880edbea4742504454117d2660be327 | |
parent | ch-http-proxy: simple forwards are done (diff) |
http|imap-proxy: fix tls encryption to backend (allow TLS1.0)
-rw-r--r-- | chaos-at-home/ch-http-proxy.yml | 8 | ||||
-rw-r--r-- | chaos-at-home/ch-imap-proxy.yml | 6 |
2 files changed, 13 insertions, 1 deletions
diff --git a/chaos-at-home/ch-http-proxy.yml b/chaos-at-home/ch-http-proxy.yml index cac572c1..9a80a446 100644 --- a/chaos-at-home/ch-http-proxy.yml +++ b/chaos-at-home/ch-http-proxy.yml @@ -54,7 +54,13 @@ } } - # post_tasks: + post_tasks: + - name: lower minimum tls protocol version to 1.0 + lineinfile: + path: /etc/ssl/openssl.cnf + regexp: '^MinProtocol\s*=' + line: 'MinProtocol = TLSv1.0' + # - name: install systemd service unit for service-ip # copy: # dest: /etc/systemd/system/http-service-ip.service diff --git a/chaos-at-home/ch-imap-proxy.yml b/chaos-at-home/ch-imap-proxy.yml index 967d7613..1a05a39f 100644 --- a/chaos-at-home/ch-imap-proxy.yml +++ b/chaos-at-home/ch-imap-proxy.yml @@ -15,6 +15,12 @@ challenge: http-self-test: false post_tasks: + - name: lower minimum tls protocol version to 1.0 + lineinfile: + path: /etc/ssl/openssl.cnf + regexp: '^MinProtocol\s*=' + line: 'MinProtocol = TLSv1.0' + - name: install stunnel package apt: name: stunnel4 |