]> git.openstreetmap.org Git - chef.git/commitdiff
projects / chef.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: dda82d7)
Use ffdhe2048 DH parameters from RFC 7919
authorTom Hughes <tom@compton.nu>
Mon, 21 Sep 2020 18:30:10 +0000 (19:30 +0100)
committerTom Hughes <tom@compton.nu>
Mon, 21 Sep 2020 18:30:10 +0000 (19:30 +0100)
Taken from latest Mozilla recomendations which prefer those
over generating your own parameters.

cookbooks/ssl/files/default/dhparam.pem [new file with mode: 0644] patch | blob
cookbooks/ssl/recipes/default.rb patch | blob | history

diff --git a/cookbooks/ssl/files/default/dhparam.pem b/cookbooks/ssl/files/default/dhparam.pem
new file mode 100644 (file)
index 0000000..9b182b7
--- /dev/null
+++ b/cookbooks/ssl/files/default/dhparam.pem
@@ -0,0 +1,8 @@
+-----BEGIN DH PARAMETERS-----
+MIIBCAKCAQEA//////////+t+FRYortKmq/cViAnPTzx2LnFg84tNpWp4TZBFGQz
++8yTnc4kmz75fS/jY2MMddj2gbICrsRhetPfHtXV/WVhJDP1H18GbtCFY2VVPe0a
+87VXE15/V8k1mE8McODmi3fipona8+/och3xWKE2rec1MKzKT0g6eXq8CrGCsyT7
+YdEIqUuyyOP7uWrat2DX9GgdT0Kj3jlN9K5W7edjcrsZCwenyO4KbXCeAvzhzffi
+7MA0BM0oNC9hkXL+nOmFg/+OTxIy7vKBg8P+OxtMb61zO7X8vC7CIAXFjvGDfRaD
+ssbzSibBsu/6iGtCOGEoXJf//////////wIBAg==
+-----END DH PARAMETERS-----
diff --git a/cookbooks/ssl/recipes/default.rb b/cookbooks/ssl/recipes/default.rb
index 4ec5e85c333de9af235a6c24108292d3df9e7011..c540b929842c03bd30c4d442148bd4e60e84de55 100644 (file)
--- a/cookbooks/ssl/recipes/default.rb
+++ b/cookbooks/ssl/recipes/default.rb
@@ -27,8 +27,9 @@ cookbook_file "/etc/ssl/certs/letsencrypt.pem" do
   backup false
 end
 
-openssl_dhparam "/etc/ssl/certs/dhparam.pem" do
+cookbook_file "/etc/ssl/certs/dhparam.pem" do
   owner "root"
   group "root"
   mode "444"
+  backup false
 end
Chef configuration management public repo for configuring & maintaining the OpenStreetMap servers.