apache-formula/apache/files/tls-defaults.conf.jinja
Alexander Weidinger d3110f93f6 Manage TLS defaults
2018-01-10 01:24:17 +01:00

19 lines
686 B
Django/Jinja

# Managed by saltstack
{% set data = {
'SSLCipherSuite': 'EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA',
'SSLCompression': 'Off',
'SSLProtocol': 'all -SSLv2 -SSLv3 -TLSv1',
'SSLHonorCipherOrder': 'On',
'SSLOptions': '+StrictRequire',
} -%}
{%- do data.update(salt['pillar.get']('apache:mod_ssl', {})) %}
<IfModule mod_ssl.c>
{%- for key, value in data.items() %}
{%- if not key == 'manage_tls_defaults' %}
{{ key }} {{ value }}
{%- endif %}
{%- endfor %}
</IfModule>