http|imap-proxy: fix tls encryption to backend (allow TLS1.0)

author: Christian Pointner <equinox@spreadspace.org> 2020-08-28 20:09:54 +0200
committer: Christian Pointner <equinox@spreadspace.org> 2020-08-28 20:44:13 +0200
commit: 067a4c2ce844c0bc48f662e336bd2bc4528b34f3 (patch)
tree: 88f83bc06880edbea4742504454117d2660be327 /chaos-at-home
parent: ch-http-proxy: simple forwards are done (diff)
2 files changed, 13 insertions, 1 deletions
diff --git a/chaos-at-home/ch-http-proxy.yml b/chaos-at-home/ch-http-proxy.yml
index cac572c1..9a80a446 100644
--- a/chaos-at-home/ch-http-proxy.yml
+++ b/chaos-at-home/ch-http-proxy.yml
@@ -54,7 +54,13 @@
           }
         }
 
-  # post_tasks:
+  post_tasks:
+  - name: lower minimum tls protocol version to 1.0
+    lineinfile:
+      path: /etc/ssl/openssl.cnf
+      regexp: '^MinProtocol\s*='
+      line: 'MinProtocol = TLSv1.0'
+
   # - name: install systemd service unit for service-ip
   #   copy:
   #     dest: /etc/systemd/system/http-service-ip.service
diff --git a/chaos-at-home/ch-imap-proxy.yml b/chaos-at-home/ch-imap-proxy.yml
index 967d7613..1a05a39f 100644
--- a/chaos-at-home/ch-imap-proxy.yml
+++ b/chaos-at-home/ch-imap-proxy.yml
@@ -15,6 +15,12 @@
         challenge:
           http-self-test: false
   post_tasks:
+  - name: lower minimum tls protocol version to 1.0
+    lineinfile:
+      path: /etc/ssl/openssl.cnf
+      regexp: '^MinProtocol\s*='
+      line: 'MinProtocol = TLSv1.0'
+
   - name: install stunnel package
     apt:
       name: stunnel4
author	Christian Pointner <equinox@spreadspace.org>	2020-08-28 20:09:54 +0200
committer	Christian Pointner <equinox@spreadspace.org>	2020-08-28 20:44:13 +0200
commit	067a4c2ce844c0bc48f662e336bd2bc4528b34f3 (patch)
tree	88f83bc06880edbea4742504454117d2660be327 /chaos-at-home
parent	ch-http-proxy: simple forwards are done (diff)