From 1086f61b49396e0e64ddd6a87e0738767db7cc78 Mon Sep 17 00:00:00 2001 From: Tom Hughes Date: Fri, 19 Dec 2014 08:51:43 +0000 Subject: [PATCH] Remove duplication of the defaulkt cipher string --- cookbooks/apache/templates/default/ssl.erb | 2 +- cookbooks/ssl/attributes/default.rb | 1 + cookbooks/tilecache/templates/default/nginx_tile_ssl.conf.erb | 2 +- 3 files changed, 3 insertions(+), 2 deletions(-) diff --git a/cookbooks/apache/templates/default/ssl.erb b/cookbooks/apache/templates/default/ssl.erb index 1124f66d8..f7cbb2712 100644 --- a/cookbooks/apache/templates/default/ssl.erb +++ b/cookbooks/apache/templates/default/ssl.erb @@ -3,7 +3,7 @@ SSLProtocol All -SSLv2 -SSLv3 SSLHonorCipherOrder On -SSLCipherSuite aRSA+HIGH:+kEDH:+kRSA:!kSRP:!kPSK:+3DES:!MD5 +SSLCipherSuite <%= node[:ssl][:ciphers] -%> SSLCertificateFile /etc/ssl/certs/<%= @certificate %>.pem SSLCertificateKeyFile /etc/ssl/private/<%= @certificate %>.key diff --git a/cookbooks/ssl/attributes/default.rb b/cookbooks/ssl/attributes/default.rb index d7a4147a0..2804f6ea5 100644 --- a/cookbooks/ssl/attributes/default.rb +++ b/cookbooks/ssl/attributes/default.rb @@ -1 +1,2 @@ default[:ssl][:certificates] = [] +default[:ssl][:ciphers] = "aRSA+HIGH:+kEDH:+kRSA:!kSRP:!kPSK:+3DES:!MD5" diff --git a/cookbooks/tilecache/templates/default/nginx_tile_ssl.conf.erb b/cookbooks/tilecache/templates/default/nginx_tile_ssl.conf.erb index 2a9bbb11e..20f94dcd7 100644 --- a/cookbooks/tilecache/templates/default/nginx_tile_ssl.conf.erb +++ b/cookbooks/tilecache/templates/default/nginx_tile_ssl.conf.erb @@ -8,7 +8,7 @@ server { ssl_certificate_key /etc/ssl/private/<%= @certificate %>.key; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; - ssl_ciphers aRSA+HIGH:+kEDH:+kRSA:!kSRP:!kPSK:+3DES:!MD5; + ssl_ciphers <%= node[:ssl][:ciphers] -%>; ssl_prefer_server_ciphers on; ssl_session_cache shared:SSL:30m; ssl_session_timeout 15m; -- 2.45.1
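Review bot: The `-%>` closing tag on the new `SSLCipherSuite` line in `ssl.erb` sits at the end of the line, so an ERB engine that honours trim tags will swallow the newline after it and join the directive to whatever follows in the template. This collapsed view does not show whether a blank line follows. If `SSLCertificateFile` comes directly after, the cipher list and that directive would be rendered on one line. A plain closing tag avoids the dependency on template layout: `SSLCipherSuite <%= node[:ssl][:ciphers] %>`. The `nginx_tile_ssl.conf.erb` hunk uses the same `-%>` before `;`, where it presumably has no effect and could be dropped for consistency.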
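Review bot: `default[:ssl][:ciphers]` is added without a comment, although it now sets the TLS cipher policy for both the Apache and the nginx template and is written into them verbatim. A comment above it would help, for example `# OpenSSL cipher list rendered into apache ssl.erb and tilecache nginx_tile_ssl.conf.erb; single token, no spaces or ';'`. It is also worth recording there that `+kRSA` and `+3DES` only move those suites to the end of the preference order rather than excluding them. Static-RSA key exchange and 3DES therefore stay negotiable for clients that offer nothing better, and an override of this attribute changes both servers at once.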
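Review bot: The tilecache template now reads `node[:ssl][:ciphers]`, which is defined in the ssl cookbook's attributes file, and this diff does not touch either cookbook's `metadata.rb`. The `ssl.erb` hunk in the apache cookbook has the same lookup. If either cookbook is converged where the ssl cookbook's attributes are not loaded, `node[:ssl]` would presumably be nil and rendering would fail, or an empty value would produce `ssl_ciphers ;` with no cipher list. It is worth confirming that both cookbooks declare `depends "ssl"`, so the TLS policy cannot silently go missing from a rendered config.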