sebclem/ansible-role-nginx
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Add directive ssl_prefer_server_ciphers (#143)

Browse Source
This commit is contained in:
Philip Henning 2019-07-12 19:56:11 +02:00 committed by Alessandro Fael Garcia
parent e3902b6cb2
commit c730f522f1
3 changed files with 5 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
README.md
View File

@ -380,6 +380,7 @@ nginx_http_template:
dhparam: /etc/ssl/private/dh_param.pem dhparam: /etc/ssl/private/dh_param.pem
protocols: TLSv1 TLSv1.1 TLSv1.2 protocols: TLSv1 TLSv1.1 TLSv1.2
ciphers: HIGH:!aNULL:!MD5 ciphers: HIGH:!aNULL:!MD5
prefer_server_ciphers: true
session_cache: none session_cache: none
session_timeout: 5m session_timeout: 5m
trusted_cert: /etc/ssl/certs/root_CA_cert_plus_intermediates.crt trusted_cert: /etc/ssl/certs/root_CA_cert_plus_intermediates.crt

1
defaults/main.yml
View File

@ -192,6 +192,7 @@ nginx_http_template:
dhparam: /etc/ssl/private/dh_param.pem dhparam: /etc/ssl/private/dh_param.pem
protocols: TLSv1 TLSv1.1 TLSv1.2 protocols: TLSv1 TLSv1.1 TLSv1.2
ciphers: HIGH:!aNULL:!MD5 ciphers: HIGH:!aNULL:!MD5
prefer_server_ciphers: true
session_cache: none session_cache: none
session_timeout: 5m session_timeout: 5m
trusted_cert: /etc/ssl/certs/root_CA_cert_plus_intermediates.crt trusted_cert: /etc/ssl/certs/root_CA_cert_plus_intermediates.crt

3
templates/http/default.conf.j2
View File

@ -66,6 +66,9 @@ server {
{% if item.value.ssl.ciphers is defined and item.value.ssl.ciphers %} {% if item.value.ssl.ciphers is defined and item.value.ssl.ciphers %}
ssl_ciphers {{ item.value.ssl.ciphers }}; ssl_ciphers {{ item.value.ssl.ciphers }};
{% endif %} {% endif %}
{% if item.value.ssl.prefer_server_ciphers is defined and item.value.ssl.prefer_server_ciphers %}
ssl_prefer_server_ciphers on;
{% endif %}
{% if item.value.ssl.session_cache is defined and item.value.ssl.session_cache %} {% if item.value.ssl.session_cache is defined and item.value.ssl.session_cache %}
ssl_session_cache {{ item.value.ssl.session_cache }}; ssl_session_cache {{ item.value.ssl.session_cache }};
{% endif %} {% endif %}