|
|
|
|
2
|
SSLProtocol ALL -SSLv2 -SSLv3
|
2
|
SSLProtocol ALL -SSLv2 -SSLv3
|
3
|
SSLHonorCipherOrder On
|
3
|
SSLHonorCipherOrder On
|
4
|
SSLCompression off
|
4
|
SSLCompression off
|
5
|
-SSLUseStapling On
|
|
|
6
|
-SSLStaplingResponderTimeout 5
|
|
|
7
|
-SSLStaplingReturnResponderErrors off
|
|
|
|
|
5
|
+{% if ansible_distribution_release != 'wheezy' %}
|
|
|
6
|
+ SSLUseStapling On
|
|
|
7
|
+ SSLStaplingResponderTimeout 5
|
|
|
8
|
+ SSLStaplingReturnResponderErrors off
|
|
|
9
|
+{% endif %}
|
8
|
SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK
|
10
|
SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK
|
9
|
SSLCertificateFile /etc/ssl/certs/wildcard_public_cert.crt
|
11
|
SSLCertificateFile /etc/ssl/certs/wildcard_public_cert.crt
|
10
|
SSLCertificateKeyFile /etc/ssl/private/wildcard_private.key
|
12
|
SSLCertificateKeyFile /etc/ssl/private/wildcard_private.key
|
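Review bot: The new guard `{% if ansible_distribution_release != 'wheezy' %}` around the three stapling directives excludes a single release by codename, so any other target whose Apache predates OCSP stapling support (the `SSLUseStapling` family first appeared in 2.3.3) would still get these lines rendered and would presumably fail its config check. Gating on the installed Apache version or on a role variable would be sturdier, for example `{% if apache_ssl_stapling | default(true) %}` (variable name constructed here, not taken from the role). The block also carries no comment explaining why wheezy is skipped; a line such as `{# OCSP stapling needs Apache 2.4; wheezy ships 2.2 #}` above the `if` would record it and make it clear that those hosts serve TLS without a stapled OCSP response. `SSLUseStapling On` also requires an `SSLStaplingCache` at server level, which is not visible in this hunk, so confirm it is set wherever the branch is taken.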