Julia Kreger b357c97dfe Enforce TLS 1.2 minimum across all connections
Add comprehensive TLS version enforcement to protect against downgrade
attacks and vulnerabilities in deprecated TLS 1.0 and 1.1 protocols.
This applies to both the agent API server (inbound from Ironic) and
all client connections (to Ironic API, Inspector, and image servers).

Operators can configure the minimum TLS version (1.2 or 1.3) and
customize cipher suites for their security requirements. Default
configuration enforces TLS 1.2 with forward-secret AEAD ciphers,
balancing security and compatibility with existing infrastructure.

New configuration options:
- tls_min_version: Minimum TLS protocol version (default: 1.2)
- tls_cipher_suites: Custom cipher suite configuration for TLS 1.2

Both options support kernel parameters (ipa-tls-min-version and
ipa-tls-cipher-suites) for deployment flexibility.

Assisted-By: Claude Code - Claude Sonnet 4.5
Change-Id: Id6bafa3e34e79fb0b64d5a0b1e3868c82af6647c
Signed-off-by: Julia Kreger <juliaashleykreger@gmail.com>
2026-04-09 17:00:27 -07:00
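
An added example, not code from this commit or from the project: one way to turn the two options named above into a Python ssl context and audit the resulting TLS 1.2 suite list. The function names, the "1.2"/"1.3" value format, the OpenSSL cipher string used as the default, and the sample kernel command line are assumptions.

```python
import ssl

# Assumed mapping from the option's string value to Python's TLS version enum.
_VERSIONS = {"1.2": ssl.TLSVersion.TLSv1_2, "1.3": ssl.TLSVersion.TLSv1_3}
# Assumed default: ECDHE key exchange with AEAD ciphers only (OpenSSL syntax).
DEFAULT_CIPHERS = "ECDHE+AESGCM:ECDHE+CHACHA20"
# Constructed sample kernel command line.
SAMPLE_CMDLINE = "BOOT_IMAGE=/vmlinuz ipa-tls-min-version=1.3 quiet"


def parse_cmdline(cmdline):
    """Extract the ipa-tls-* kernel parameters from a kernel command line."""
    opts = {}
    for token in cmdline.split():
        key, sep, value = token.partition("=")
        if sep and key in ("ipa-tls-min-version", "ipa-tls-cipher-suites"):
            opts[key] = value
    return opts


def build_context(min_version="1.2", cipher_suites=None, server_side=False):
    """Build a context that refuses anything below min_version."""
    if min_version not in _VERSIONS:
        # TLS 1.0 and 1.1 are rejected outright rather than silently accepted.
        raise ValueError("tls_min_version must be 1.2 or 1.3, got %r" % min_version)
    purpose = ssl.Purpose.CLIENT_AUTH if server_side else ssl.Purpose.SERVER_AUTH
    ctx = ssl.create_default_context(purpose)
    ctx.minimum_version = _VERSIONS[min_version]
    # set_ciphers() only governs TLS 1.2 and below; TLS 1.3 suites are separate.
    ctx.set_ciphers(cipher_suites or DEFAULT_CIPHERS)
    return ctx


def non_compliant_suites(ctx):
    """Names of enabled TLS <= 1.2 suites lacking AEAD or ephemeral key exchange."""
    bad = []
    for suite in ctx.get_ciphers():
        if suite["protocol"] == "TLSv1.3":
            continue  # TLS 1.3 suites are always AEAD with ephemeral key exchange
        if not suite["aead"] or suite["kea"] not in ("kx-ecdhe", "kx-dhe"):
            bad.append(suite["name"])
    return bad


if __name__ == "__main__":
    opts = parse_cmdline(SAMPLE_CMDLINE)
    ctx = build_context(opts.get("ipa-tls-min-version", "1.2"),
                        opts.get("ipa-tls-cipher-suites"))
    print(ctx.minimum_version, non_compliant_suites(ctx))
```

Running the audit on an operator-supplied cipher string before applying it catches an override that reintroduces non-forward-secret or non-AEAD suites.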