Revision cbda993f
Added by Dominic Cleal about 8 years ago
| templates/settings.yml.erb | ||
|---|---|---|
|
#:ssl_private_key: ssl/private_keys/fqdn.key
|
||
|
<% end -%>
|
||
|
|
||
|
# Use this option only if you need to disable certain cipher suites.
|
||
|
# Note: we use the OpenSSL suite name, take a look at:
|
||
|
# https://www.openssl.org/docs/manmaster/apps/ciphers.html#CIPHER-SUITE-NAMES
|
||
|
# for more information.
|
||
|
<% if ciphers = scope.lookupvar("foreman_proxy::ssl_disabled_ciphers") and ciphers.any? -%>
|
||
|
:ssl_disabled_ciphers:
|
||
|
<% ciphers.each do |c| -%>
|
||
|
<%= " - #{c}" %>
|
||
|
<% end -%>
|
||
|
<% else -%>
|
||
|
#:ssl_disabled_ciphers: [CIPHER-SUITE-1, CIPHER-SUITE-2]
|
||
|
<% end -%>
|
||
|
|
||
|
# the hosts which the proxy accepts connections from
|
||
|
# commenting the following lines would mean every verified SSL connection allowed
|
||
|
<% if thosts = scope.lookupvar("foreman_proxy::trusted_hosts") and thosts.any? -%>
|
||
Also available in: Unified diff
Add ssl_disabled_ciphers configuration option for 1.12