From db2253601da79418cbbd338749d7fa507022c043 Mon Sep 17 00:00:00 2001
From: Seth Foster
Date: Mon, 27 Mar 2023 11:07:30 -0400
Subject: [PATCH] Allow TLS 1.2 for Receptor connections
- Required for FIPS environment where TLS 1.3 is not supported
- TLS 1.3 can still be used if the nodes both agree to use during handshake.
---
 awx/api/templates/instance_install_bundle/group_vars/all.yml | 1 +
 awx/main/tasks/receptor.py | 1 +
 2 files changed, 2 insertions(+)
diff --git a/awx/api/templates/instance_install_bundle/group_vars/all.yml b/awx/api/templates/instance_install_bundle/group_vars/all.yml
index d0eb00f6b9..c23ed2d016 100644
--- a/awx/api/templates/instance_install_bundle/group_vars/all.yml
+++ b/awx/api/templates/instance_install_bundle/group_vars/all.yml
@@ -2,6 +2,7 @@ receptor_user: awx
 receptor_group: awx
 receptor_verify: true
 receptor_tls: true
+receptor_mintls13: false
 receptor_work_commands:
 ansible-runner:
 command: ansible-runner
diff --git a/awx/main/tasks/receptor.py b/awx/main/tasks/receptor.py
index 9cb4d49efe..b1d9e0cfa8 100644
--- a/awx/main/tasks/receptor.py
+++ b/awx/main/tasks/receptor.py
@@ -668,6 +668,7 @@ RECEPTOR_CONFIG_STARTER = (
 'rootcas': '/etc/receptor/tls/ca/receptor-ca.crt',
 'cert': '/etc/receptor/tls/receptor.crt',
 'key': '/etc/receptor/tls/receptor.key',
+ 'mintls13': False,
 }
 },
 )
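Review bot: The TLS 1.2 floor is applied to every install, not only the FIPS hosts the commit message cites: `receptor_mintls13: false` in all.yml and the hard-coded `'mintls13': False` in RECEPTOR_CONFIG_STARTER (second hunk) leave operators who can run TLS 1.3 everywhere no way to keep it as the minimum. Consider driving both values from one deployment setting that defaults to the stricter floor, or at least record the reason next to the key, e.g. `# TLS 1.2 allowed for FIPS hosts without TLS 1.3; peers still negotiate 1.3 when both support it`. Nothing visible here restricts which TLS 1.2 cipher suites Receptor will accept, so that is worth confirming against Receptor's defaults before relying on the lower floor. RECEPTOR_CONFIG_STARTER begins outside the second hunk.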