summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMonty Taylor <mordred@inaugust.com>2016-03-01 08:03:15 -0600
committerMonty Taylor <mordred@inaugust.com>2016-03-01 08:04:00 -0600
commitaec75a659fe8f22e364c102e50485c8d320b72cf (patch)
tree473cb698c378076f36e5c984e337a56ef3bfc48b
parent3d6423ebdf6a2f143624cf54463ea2f97f711d88 (diff)
Add SSL Procotol and Cipher config to default vhost
Infra doesn't really use this template, but in case someone else does, update the protocol to only use TLS and update the cipher list to the list of strong ciphers. Change-Id: Ibd8a0e65800e022ab8bc52f6af63c3c85e84419d
Notes
Notes (review): Code-Review+1: Andreas Jaeger <jaegerandi@gmail.com> Code-Review+2: Jeremy Stanley <fungi@yuggoth.org> Code-Review+2: Spencer Krum <nibz@spencerkrum.com> Workflow+1: Spencer Krum <nibz@spencerkrum.com> Verified+2: Jenkins Submitted-by: Jenkins Submitted-at: Thu, 03 Mar 2016 19:43:52 +0000 Reviewed-on: https://review.openstack.org/286610 Project: openstack-infra/puppet-httpd Branch: refs/heads/master
-rw-r--r--templates/vhost-proxy.conf.erb2
1 files changed, 2 insertions, 0 deletions
diff --git a/templates/vhost-proxy.conf.erb b/templates/vhost-proxy.conf.erb
index 8966592..5e5818c 100644
--- a/templates/vhost-proxy.conf.erb
+++ b/templates/vhost-proxy.conf.erb
@@ -2,6 +2,8 @@ NameVirtualHost <%= @vhost_name %>:<%= @port %>
2<VirtualHost <%= @vhost_name %>:<%= @port %>> 2<VirtualHost <%= @vhost_name %>:<%= @port %>>
3 <% if @ssl == true %> 3 <% if @ssl == true %>
4 SSLEngine on 4 SSLEngine on
5 SSLProtocol +TLSv1 +TLSv1.1 +TLSv1.2
6 SSLCipherSuite HIGH:!RC4:!MD5:!aNULL:!eNULL:!EXP:!LOW:!MEDIUM
5 SSLCertificateFile <%= @ssl_path %>/certs/pl.cert 7 SSLCertificateFile <%= @ssl_path %>/certs/pl.cert
6 SSLCertificateKeyFile <%= @ssl_path %>/private/pl.key 8 SSLCertificateKeyFile <%= @ssl_path %>/private/pl.key
7 <% end %> 9 <% end %>