From 8538ecd50738ada6eb2b7a338a4ceb1cbca71313 Mon Sep 17 00:00:00 2001 From: Olivier Buisson Date: Mon, 13 Mar 2017 14:57:59 +0100 Subject: Force to use TLSv1.2 (related to https://github.com/openshift/openshift-ansible/pull/2707) --- roles/openshift_master/tasks/main.yml | 2 +- roles/openshift_node/tasks/main.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/openshift_master/tasks/main.yml b/roles/openshift_master/tasks/main.yml index 2ef61cddf..98e0da1a2 100644 --- a/roles/openshift_master/tasks/main.yml +++ b/roles/openshift_master/tasks/main.yml @@ -249,7 +249,7 @@ # Using curl here since the uri module requires python-httplib2 and # wait_for port doesn't provide health information. command: > - curl --silent + curl --silent --tlsv1.2 {% if openshift.common.version_gte_3_2_or_1_2 | bool %} --cacert {{ openshift.common.config_base }}/master/ca-bundle.crt {% else %} diff --git a/roles/openshift_node/tasks/main.yml b/roles/openshift_node/tasks/main.yml index 691227915..626248306 100644 --- a/roles/openshift_node/tasks/main.yml +++ b/roles/openshift_node/tasks/main.yml @@ -153,7 +153,7 @@ # Using curl here since the uri module requires python-httplib2 and # wait_for port doesn't provide health information. command: > - curl --silent --cacert {{ openshift.common.config_base }}/node/ca.crt + curl --silent --tlsv1.2 --cacert {{ openshift.common.config_base }}/node/ca.crt {{ openshift_node_master_api_url }}/healthz/ready args: # Disables the following warning: -- cgit v1.2.3