author | Jay Mundrawala <jdmundrawala@gmail.com> | 2015-12-11 10:31:27 -0800 |
---|---|---|
committer | Jay Mundrawala <jdmundrawala@gmail.com> | 2016-01-25 09:51:06 -0800 |
commit | 0a3affad66cadc1e9a32afc31160cc1304ef331b (patch) | |
tree | 78fb30b87357173e9664c592ca63bc442c2cafbd /chef-config | |
parent | d999373538ad9861ad8176d2ecd1ead02d487814 (diff) | |
download | chef-0a3affad66cadc1e9a32afc31160cc1304ef331b.tar.gz |
Use sign v1.3 when fips mode is selected
Diffstat (limited to 'chef-config')
-rw-r--r-- | chef-config/lib/chef-config/config.rb | 13 |
1 files changed, 11 insertions, 2 deletions
diff --git a/chef-config/lib/chef-config/config.rb b/chef-config/lib/chef-config/config.rb
index 5705ffbf56..124c5d6464 100644
--- a/chef-config/lib/chef-config/config.rb
+++ b/chef-config/lib/chef-config/config.rb
@@ -450,10 +450,19 @@ module ChefConfig
 # Where should chef-solo download recipes from?
 default :recipe_url, nil
 
+ # Set to true if Chef is to set OpenSSL to run in FIPS mode
+ default :openssl_fips, false
+
 # Sets the version of the signed header authentication protocol to use (see
 # the 'mixlib-authorization' project for more detail). Currently, versions
- # 1.0 and 1.1 are available.
- default :authentication_protocol_version, "1.1"
+ # 1.0, 1.1, and 1.3 are available.
+ default :authentication_protocol_version do
+ if openssl_fips
+ "1.3"
+ else
+ "1.1"
+ end
+ end
 
 # This key will be used to sign requests to the Chef server. This location
 # must be writable by Chef during initial setup when generating a client |
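Review bot: The block default on `authentication_protocol_version` only applies when the setting is left unset, so a config that still carries an explicit `authentication_protocol_version "1.1"` (or "1.0") keeps the older signing protocol even with `openssl_fips true`, and nothing in this hunk rejects or warns about that combination. The commit title implies 1.3 is the version intended for FIPS mode, presumably because the older versions rely on SHA-1-based signing, so a silent override leaves a FIPS-configured node either failing at request-signing time or running with a protocol the operator believed was disabled. Whether this is checked where the config is finalized cannot be seen from here, since the enclosing module starts and ends outside the hunk. At minimum the comment should state the coupling, e.g. `# Defaults to "1.3" when openssl_fips is true; an explicitly set value still takes precedence.` A guard that raises or logs a warning when `openssl_fips` is true and the version is not "1.3" would close the gap. The `openssl_fips` comment also says Chef will "set OpenSSL to run in FIPS mode", but this file section only declares the flag, so it is worth confirming that the code which actually enables FIPS mode ships with or before this default.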