19 lines
686 B
Django/Jinja
19 lines
686 B
Django/Jinja
# Managed by saltstack
|
|
|
|
{% set data = {
|
|
'SSLCipherSuite': 'EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA',
|
|
'SSLCompression': 'Off',
|
|
'SSLProtocol': 'all -SSLv2 -SSLv3 -TLSv1',
|
|
'SSLHonorCipherOrder': 'On',
|
|
'SSLOptions': '+StrictRequire',
|
|
} -%}
|
|
{%- do data.update(salt['pillar.get']('apache:mod_ssl', {})) %}
|
|
|
|
<IfModule mod_ssl.c>
|
|
{%- for key, value in data.items() %}
|
|
{%- if not key == 'manage_tls_defaults' %}
|
|
{{ key }} {{ value }}
|
|
{%- endif %}
|
|
{%- endfor %}
|
|
</IfModule>
|