|
123456789101112131415161718 |
- # Managed by saltstack
-
- {% set data = {
- 'SSLCipherSuite': 'EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA',
- 'SSLCompression': 'Off',
- 'SSLProtocol': 'all -SSLv2 -SSLv3 -TLSv1',
- 'SSLHonorCipherOrder': 'On',
- 'SSLOptions': '+StrictRequire',
- } -%}
- {%- do data.update(salt['pillar.get']('apache:mod_ssl', {})) %}
-
- <IfModule mod_ssl.c>
- {%- for key, value in data.items() %}
- {%- if not key == 'manage_tls_defaults' %}
- {{ key }} {{ value }}
- {%- endif %}
- {%- endfor %}
- </IfModule>
|