Revision 8472875d
Added by Ewoud Kohl van Wijngaarden over 1 year ago
config/foreman.hiera/family/RedHat-8.yaml | ||
---|---|---|
---
|
||
apache::mod::ssl::ssl_ciper: 'PROFILE=system'
|
||
# TODO: depends on https://github.com/puppetlabs/puppetlabs-apache/pull/2335
|
||
apache::mod::ssl::ssl_proxy_ciper_suite: 'PROFILE=system'
|
||
# EL8 doesn't have support for SSLv3 anymore and errors out on it. This
|
||
# overrides security.yaml
|
||
apache::mod::ssl::ssl_protocol:
|
Also available in: Unified diff
Fixes #35629 - Default Apache to PROFILE=system ciphers
At least on EL8 it's possible to use PROFILE=system for SSLCipherSuite
and SSLProxyCipherSuite. This allows admins to configure the cipher
suite on a system level and it also means we don't have to keep our
cipher suite up to date.
Today SSLProxyCipherSuite is not yet an option, but Hiera will ignore
unknown keys. When the option becomes available, it will be set.