From: Ernesto Puerta <epuertat@redhat.com>
Date: Mon, 13 Mar 2023 10:03:37 +0000 (+0100)
Subject: mgr/dashboard: force TLS 1.3
X-Git-Tag: v16.2.12~3^2~40^2
X-Git-Url: http://git.apps.os.sepia.ceph.com/?a=commitdiff_plain;h=refs%2Fpull%2F50527%2Fhead;p=ceph.git

mgr/dashboard: force TLS 1.3

Fixes: https://tracker.ceph.com/issues/58942

Signed-off-by: Ernesto Puerta <epuertat@redhat.com>
(cherry picked from commit cd8946631b222dfff1727083d75dfe2dd825d1a4)
---

diff --git a/src/pybind/mgr/dashboard/module.py b/src/pybind/mgr/dashboard/module.py
index 3ea3cdfe9cf8b..200aac8c7e790 100644
--- a/src/pybind/mgr/dashboard/module.py
+++ b/src/pybind/mgr/dashboard/module.py
@@ -180,9 +180,9 @@ class CherryPyConfig(object):
             context = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH)
             context.load_cert_chain(cert_fname, pkey_fname)
             if sys.version_info >= (3, 7):
-                context.minimum_version = ssl.TLSVersion.TLSv1_2
+                context.minimum_version = ssl.TLSVersion.TLSv1_3
             else:
-                context.options |= ssl.OP_NO_TLSv1 | ssl.OP_NO_TLSv1_1
+                context.options |= ssl.OP_NO_TLSv1 | ssl.OP_NO_TLSv1_1 | ssl.OP_NO_TLSv1_2
 
             config['server.ssl_module'] = 'builtin'
             config['server.ssl_certificate'] = cert_fname