Hi all, Right now if you deploy juju-gui or openstack-dashboard (and likely many more) they will follow the 14.04 default and have SSLv3 and RC4 enabled. In both cases this can make the communication insecure.
1) Should we default SSLv3/RC4 to disabled in charms that we know we can? For example, last I checked the OpenStack dashboard does not support IE6, so we don't need SSLv3 support. 2) Should every charm that includes a web server let you override SSLOptions with a specific option? This is likely to happen again, and maybe next time we won't be able to just disable them. Kind regards, Bryan Example results https://www.ssllabs.com/ssltest/analyze.html?d=15.35.213.162.lcy-02.canonistack.canonical.com&hideResults=on -- Juju mailing list Juju@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/juju