From: Tom Hughes Date: Fri, 19 Dec 2014 08:51:43 +0000 (+0000) Subject: Remove duplication of the defaulkt cipher string X-Git-Url: https://git.openstreetmap.org/chef.git/commitdiff_plain/1086f61b49396e0e64ddd6a87e0738767db7cc78 Remove duplication of the defaulkt cipher string --- diff --git a/cookbooks/apache/templates/default/ssl.erb b/cookbooks/apache/templates/default/ssl.erb index 1124f66d8..f7cbb2712 100644 --- a/cookbooks/apache/templates/default/ssl.erb +++ b/cookbooks/apache/templates/default/ssl.erb @@ -3,7 +3,7 @@ SSLProtocol All -SSLv2 -SSLv3 SSLHonorCipherOrder On -SSLCipherSuite aRSA+HIGH:+kEDH:+kRSA:!kSRP:!kPSK:+3DES:!MD5 +SSLCipherSuite <%= node[:ssl][:ciphers] -%> SSLCertificateFile /etc/ssl/certs/<%= @certificate %>.pem SSLCertificateKeyFile /etc/ssl/private/<%= @certificate %>.key diff --git a/cookbooks/ssl/attributes/default.rb b/cookbooks/ssl/attributes/default.rb index d7a4147a0..2804f6ea5 100644 --- a/cookbooks/ssl/attributes/default.rb +++ b/cookbooks/ssl/attributes/default.rb @@ -1 +1,2 @@ default[:ssl][:certificates] = [] +default[:ssl][:ciphers] = "aRSA+HIGH:+kEDH:+kRSA:!kSRP:!kPSK:+3DES:!MD5" diff --git a/cookbooks/tilecache/templates/default/nginx_tile_ssl.conf.erb b/cookbooks/tilecache/templates/default/nginx_tile_ssl.conf.erb index 2a9bbb11e..20f94dcd7 100644 --- a/cookbooks/tilecache/templates/default/nginx_tile_ssl.conf.erb +++ b/cookbooks/tilecache/templates/default/nginx_tile_ssl.conf.erb @@ -8,7 +8,7 @@ server { ssl_certificate_key /etc/ssl/private/<%= @certificate %>.key; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; - ssl_ciphers aRSA+HIGH:+kEDH:+kRSA:!kSRP:!kPSK:+3DES:!MD5; + ssl_ciphers <%= node[:ssl][:ciphers] -%>; ssl_prefer_server_ciphers on; ssl_session_cache shared:SSL:30m; ssl_session_timeout 15m;
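Review bot: The `-%>` closing tag on the new `SSLCipherSuite` line in ssl.erb strips the newline that follows it, so if the next template line is not blank the rendered directive would run straight into `SSLCertificateFile` and Apache would either reject the file or read a mangled cipher list. The collapsed hunk does not show whether a blank line follows. A plain closing tag avoids depending on that: `SSLCipherSuite <%= node[:ssl][:ciphers] %>`. The template also now reads an attribute owned by the ssl cookbook, so the apache cookbook (and tilecache, for the nginx_tile_ssl.conf.erb hunk) presumably needs `depends "ssl"` in its metadata.rb, otherwise `node[:ssl]` can be nil on a node that never loads that cookbook. The metadata files are not part of this diff.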
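Review bot: The new `default[:ssl][:ciphers]` line in cookbooks/ssl/attributes/default.rb has no comment, although it is now the single source of the TLS cipher policy for both the Apache and the nginx templates. I would add `# OpenSSL cipher list shared by the Apache (SSLCipherSuite) and nginx (ssl_ciphers) templates` above it. It is also worth recording there that the string only moves 3DES suites and static-RSA key exchange to the end of the preference order (`+3DES`, `+kRSA`) rather than excluding them. Depending on the OpenSSL build they can still be negotiated, and static RSA gives no forward secrecy.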
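Review bot: The attribute value is written into the `ssl_ciphers` directive in nginx_tile_ssl.conf.erb without any check, so a value containing `;` or a newline would end the directive and the remainder would be parsed as further nginx configuration. The same applies to the `SSLCipherSuite` line in ssl.erb. Node attributes can be overridden from roles, environments or node data, so I would validate the value once before any template renders, e.g. `raise "invalid ssl ciphers" unless node[:ssl][:ciphers] =~ /\A[A-Za-z0-9+!:@=_-]+\z/`. The recipes are outside this diff, so where that check belongs is an assumption.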