From 8538ecd50738ada6eb2b7a338a4ceb1cbca71313 Mon Sep 17 00:00:00 2001
From: Olivier Buisson <olivier@openkumo.fr>
Date: Mon, 13 Mar 2017 14:57:59 +0100
Subject: Force to use TLSv1.2 (related to
 https://github.com/openshift/openshift-ansible/pull/2707)

---
 roles/openshift_master/tasks/main.yml | 2 +-
 roles/openshift_node/tasks/main.yml   | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

(limited to 'roles')

diff --git a/roles/openshift_master/tasks/main.yml b/roles/openshift_master/tasks/main.yml
index 2ef61cddf..98e0da1a2 100644
--- a/roles/openshift_master/tasks/main.yml
+++ b/roles/openshift_master/tasks/main.yml
@@ -249,7 +249,7 @@
   # Using curl here since the uri module requires python-httplib2 and
   # wait_for port doesn't provide health information.
   command: >
-    curl --silent
+    curl --silent --tlsv1.2
     {% if openshift.common.version_gte_3_2_or_1_2 | bool %}
     --cacert {{ openshift.common.config_base }}/master/ca-bundle.crt
     {% else %}
diff --git a/roles/openshift_node/tasks/main.yml b/roles/openshift_node/tasks/main.yml
index 691227915..626248306 100644
--- a/roles/openshift_node/tasks/main.yml
+++ b/roles/openshift_node/tasks/main.yml
@@ -153,7 +153,7 @@
   # Using curl here since the uri module requires python-httplib2 and
   # wait_for port doesn't provide health information.
   command: >
-    curl --silent --cacert {{ openshift.common.config_base }}/node/ca.crt
+    curl --silent --tlsv1.2 --cacert {{ openshift.common.config_base }}/node/ca.crt
     {{ openshift_node_master_api_url }}/healthz/ready
   args:
     # Disables the following warning:
-- 
cgit v1.2.3