From: Nizamudeen A <nia@redhat.com>
Date: Fri, 24 Nov 2023 05:25:07 +0000 (+0530)
Subject: Revert "mgr/dashboard: allow tls 1.2 with a config option"
X-Git-Tag: testing/wip-batrick-testing-20240411.154038~656^2
X-Git-Url: http://git.apps.os.sepia.ceph.com/?a=commitdiff_plain;h=be2125127830668353615734d32aa669ed7c584b;p=ceph-ci.git

Revert "mgr/dashboard: allow tls 1.2 with a config option"

This reverts commit 219c62bea60083c0e59a86454b0cecf8afaf9780.

Signed-off-by: Nizamudeen A <nia@redhat.com>
---

diff --git a/src/pybind/mgr/dashboard/module.py b/src/pybind/mgr/dashboard/module.py
index 68725be6e35..efef273bda0 100644
--- a/src/pybind/mgr/dashboard/module.py
+++ b/src/pybind/mgr/dashboard/module.py
@@ -33,7 +33,7 @@ from .services.auth import AuthManager, AuthManagerTool, JwtManager
 from .services.exception import dashboard_exception_handler
 from .services.rgw_client import configure_rgw_credentials
 from .services.sso import SSO_COMMANDS, handle_sso_command
-from .settings import Settings, handle_option_command, options_command_list, options_schema_list
+from .settings import handle_option_command, options_command_list, options_schema_list
 from .tools import NotificationQueue, RequestLoggingTool, TaskManager, \
     prepare_url_prefix, str_to_bool
 
@@ -178,15 +178,9 @@ class CherryPyConfig(object):
             context = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH)
             context.load_cert_chain(cert_fname, pkey_fname)
             if sys.version_info >= (3, 7):
-                if Settings.UNSAFE_TLS_v1_2:
-                    context.minimum_version = ssl.TLSVersion.TLSv1_2
-                else:
-                    context.minimum_version = ssl.TLSVersion.TLSv1_3
+                context.minimum_version = ssl.TLSVersion.TLSv1_3
             else:
-                if Settings.UNSAFE_TLS_v1_2:
-                    context.options |= ssl.OP_NO_TLSv1 | ssl.OP_NO_TLSv1_1
-                else:
-                    context.options |= ssl.OP_NO_TLSv1 | ssl.OP_NO_TLSv1_1 | ssl.OP_NO_TLSv1_2
+                context.options |= ssl.OP_NO_TLSv1 | ssl.OP_NO_TLSv1_1 | ssl.OP_NO_TLSv1_2
 
             config['server.ssl_module'] = 'builtin'
             config['server.ssl_certificate'] = cert_fname
diff --git a/src/pybind/mgr/dashboard/settings.py b/src/pybind/mgr/dashboard/settings.py
index d4e06a9cc8d..6018f0d7f9c 100644
--- a/src/pybind/mgr/dashboard/settings.py
+++ b/src/pybind/mgr/dashboard/settings.py
@@ -119,8 +119,6 @@ class Options(object):
                                                   'gateway', 'logs', 'crush', 'maps']),
                                         [str])
 
-    UNSAFE_TLS_v1_2 = Setting(False, [bool])
-
     @staticmethod
     def has_default_value(name):
         return getattr(Settings, name, None) is None or \