CentOS 8: make TLS 1.0/1.1 available using LEGACY security policies

CentOS 8 has disabled by default the TLS 1.0/1.1 support, breaking backward compatibility with existing Gerrit setups. Enable by default the LEGACY security policies so that they can be kept for compatibility with earlier versions. If unwanted, derived Dockerfiles can still set them back to DEFAULT.

Bug: Issue 12859
Change-Id: I0e411c13025d91fd0028a26b47abcbe048d8c93d
diff --git a/centos/8/Dockerfile b/centos/8/Dockerfile index 803f61d..e5d0af6 100644 --- a/centos/8/Dockerfile +++ b/centos/8/Dockerfile
@@ -15,6 +15,9 @@ rm -f /var/gerrit/etc/{ssh,secure}* && rm -Rf /var/gerrit/{static,index,logs,data,index,cache,git,db,tmp}/* && chown -R gerrit:gerrit /var/gerrit && \ yum -y clean all +# Enable LEGACY security policies by default (for TLS 1.0/1.1 compatibility) +RUN update-crypto-policies --set LEGACY + USER gerrit ENV CANONICAL_WEB_URL=
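Review bot: The comment above the new `RUN update-crypto-policies --set LEGACY` line gives the reason but not the opt-out, and the opt-out is not as simple as the commit message suggests, because the image switches to `USER gerrit` right after this step. A derived Dockerfile that wants the stricter setting has to switch back to `USER root`, run `update-crypto-policies --set DEFAULT`, and then return to `USER gerrit`; please spell that out in the comment so it is documented in the file itself and not only in the commit message. The comment also names only TLS 1.0/1.1, while the command changes the system-wide crypto policy for everything in the image, so it would be worth saying so in the comment. As a smaller point, this adds a separate layer after the `yum -y clean all` step; it could be chained onto the preceding `RUN` with `&& \` if one layer is preferred.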