From 541908657f7f4169ae08ebe3620af847fb4e1c99 Mon Sep 17 00:00:00 2001
From: Timo Makinen <tmakinen@foo.sh>
Date: Sun, 30 Oct 2022 19:56:14 +0000
Subject: [PATCH] apache: Drop CentOS 7 support

---
 roles/apache/templates/ssl.conf.j2 | 8 ++------
 1 file changed, 2 insertions(+), 6 deletions(-)

diff --git a/roles/apache/templates/ssl.conf.j2 b/roles/apache/templates/ssl.conf.j2
index 8f6c0c2..e24750e 100644
--- a/roles/apache/templates/ssl.conf.j2
+++ b/roles/apache/templates/ssl.conf.j2
@@ -7,13 +7,9 @@
 
 Listen 443
 
-# Use Mozilla recommended settings
-{% if ansible_os_family == "RedHat" and ansible_distribution_major_version|int >= 8 %}
+# generated 2022-10-30, Mozilla Guideline v5.6, Apache 2.4.37, OpenSSL 1.1.1k, modern configuration, no HSTS
+# https://ssl-config.mozilla.org/#server=apache&version=2.4.37&config=modern&openssl=1.1.1k&hsts=false&guideline=5.6
 SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1 -TLSv1.2
-{% else %}
-SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
-SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
-{% endif %}
 SSLHonorCipherOrder off
 SSLSessionTickets off