apache-formula/apache/files/tls-defaults.conf.jinja

# Managed by saltstack

{% set data = {
  'SSLCipherSuite': 'EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA',
  'SSLCompression': 'Off',
  'SSLProtocol': 'all -SSLv2 -SSLv3 -TLSv1',
  'SSLHonorCipherOrder': 'On',
  'SSLOptions': '+StrictRequire',
} -%}
{%- do data.update(salt['pillar.get']('apache:mod_ssl', {})) %}

<IfModule mod_ssl.c>
{%- for key, value in data.items() %}
{%-   if not key == 'manage_tls_defaults' %}
{{ key }} {{ value }}
{%-   endif %}
{%- endfor %}
</IfModule>