From 43458a865f8c278daeefff5b6661dc12c76e5127 Mon Sep 17 00:00:00 2001
From: Jimmy McCrory <jimmy.mccrory@gmail.com>
Date: Wed, 13 Dec 2017 16:18:16 -0800
Subject: [PATCH] Limit Galera SSL to TLSv1.2 ciphers

When 'galera_use_ssl' is enabled, only allow TLSv1.2 supported cipher
suites.

Change-Id: Ifd2686ce64a92614b1dac5b8a5819461bf6d9d90
---
 templates/my.cnf.j2 | 1 +
 1 file changed, 1 insertion(+)

diff --git a/templates/my.cnf.j2 b/templates/my.cnf.j2
index d9f117f2..c5595928 100644
--- a/templates/my.cnf.j2
+++ b/templates/my.cnf.j2
@@ -37,6 +37,7 @@ server-id = {{ galera_server_id }}
 ssl-ca = {{ galera_ssl_ca_cert }}
 ssl-cert = {{ galera_ssl_cert }}
 ssl-key = {{ galera_ssl_key }}
+ssl-cipher = TLSv1.2
 {% endif %}
 
 # LOGGING #