Remove duplication of the defaulkt cipher string
authorTom Hughes <tom@compton.nu>
Fri, 19 Dec 2014 08:51:43 +0000 (08:51 +0000)
committerTom Hughes <tom@compton.nu>
Fri, 19 Dec 2014 08:51:43 +0000 (08:51 +0000)
cookbooks/apache/templates/default/ssl.erb
cookbooks/ssl/attributes/default.rb
cookbooks/tilecache/templates/default/nginx_tile_ssl.conf.erb

index 1124f66d8550539316227603eb978910a9423780..f7cbb27122c2f412e21b2a5e748f26e958a00cf3 100644 (file)
@@ -3,7 +3,7 @@
 SSLProtocol All -SSLv2 -SSLv3
 
 SSLHonorCipherOrder On
-SSLCipherSuite aRSA+HIGH:+kEDH:+kRSA:!kSRP:!kPSK:+3DES:!MD5
+SSLCipherSuite <%= node[:ssl][:ciphers] -%>
 
 SSLCertificateFile /etc/ssl/certs/<%= @certificate %>.pem
 SSLCertificateKeyFile /etc/ssl/private/<%= @certificate %>.key
index d7a4147a0b98de16afdbb034ad2f8dbc66a83af9..2804f6ea53ee85e8cecbb929a17f4ce9b130f30c 100644 (file)
@@ -1 +1,2 @@
 default[:ssl][:certificates] = []
+default[:ssl][:ciphers] = "aRSA+HIGH:+kEDH:+kRSA:!kSRP:!kPSK:+3DES:!MD5"
index 2a9bbb11e09e2a81d7a82327ba872136b52e1f17..20f94dcd7f58203e8376cd4a672c317eeba6e036 100644 (file)
@@ -8,7 +8,7 @@ server {
     ssl_certificate_key  /etc/ssl/private/<%= @certificate %>.key;
 
     ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
-    ssl_ciphers aRSA+HIGH:+kEDH:+kRSA:!kSRP:!kPSK:+3DES:!MD5;
+    ssl_ciphers <%= node[:ssl][:ciphers] -%>;
     ssl_prefer_server_ciphers on;
     ssl_session_cache shared:SSL:30m;
     ssl_session_timeout 15m;