Benjamin Neff
il y a 4 ans
1 fichiers modifiés avec 6 ajouts et 6 suppressions
+ 6
- 6
apache/files/Debian/ssl.conf.jinja
Voir le fichier
| @@ -39,7 +39,7 @@ | |||
| SSLPassPhraseDialog exec:/usr/share/apache2/ask-for-passphrase | |||
| # Inter-Process Session Cache: | |||
| # Configure the SSL Session Cache: First the mechanism | |||
| # Configure the SSL Session Cache: First the mechanism | |||
| # to use and second the expiring timeout (in seconds). | |||
| # (The mechanism dbm has known memory leaks and should not be used). | |||
| #SSLSessionCache dbm:${APACHE_RUN_DIR}/ssl_scache | |||
| @@ -48,7 +48,7 @@ | |||
| # Semaphore: | |||
| # Configure the path to the mutual exclusion semaphore the | |||
| # SSL engine uses internally for inter-process synchronization. | |||
| # SSL engine uses internally for inter-process synchronization. | |||
| # (Disabled by default, the global Mutex directive consolidates by default | |||
| # this) | |||
| #Mutex file:${APACHE_LOCK_DIR}/ssl_mutex ssl-cache | |||
| @@ -59,7 +59,7 @@ | |||
| # ciphers(1) man page from the openssl package for list of all available | |||
| # options. | |||
| # Enable only secure ciphers: | |||
| {# default from https://wiki.mozilla.org/Security/Server_Side_TLS#Intermediate_compatibility_.28default.29 #} | |||
| {#- default from https://wiki.mozilla.org/Security/Server_Side_TLS#Intermediate_compatibility_.28default.29 #} | |||
| SSLCipherSuite {{ salt['pillar.get']('apache:ssl:SSLCipherSuite', 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS') }} | |||
| # SSL server cipher order preference: | |||
| @@ -84,8 +84,8 @@ | |||
| # Default: Off | |||
| #SSLStrictSNIVHostCheck On | |||
| {% set use_stapling = salt['pillar.get']('apache:ssl:SSLUseStapling', 'Off') %} | |||
| {% if use_stapling == 'On' %} | |||
| {% set use_stapling = salt['pillar.get']('apache:ssl:SSLUseStapling', 'Off') -%} | |||
| {% if use_stapling == 'On' -%} | |||
| # Stapling configuration | |||
| # Default: Off | |||
| # | |||
| @@ -95,7 +95,7 @@ | |||
| SSLStaplingResponderTimeout {{ salt['pillar.get']('SSLStaplingResponderTimeout', '5') }} | |||
| SSLStaplingReturnResponderErrors {{ salt['pillar.get']('SSLStaplingReturnResponderErrors', 'Off') }} | |||
| SSLStaplingCache {{ salt['pillar.get']('SSLStaplingCache', 'shmcb:/var/run/ocsp(128000)') }} | |||
| {% endif %} | |||
| {%- endif %} | |||
| </IfModule> | |||
| # vim: syntax=apache ts=4 sw=4 sts=4 sr noet | |||
Chargement…