apache: Drop CentOS 7 support

2022-10-30 19:56:14 +00:00 · 2022-10-30 19:56:14 +00:00 · 541908657f
commit 541908657f
parent a29a3ad19a
1 changed files with 2 additions and 6 deletions
--- a/roles/apache/templates/ssl.conf.j2
+++ b/roles/apache/templates/ssl.conf.j2
@ -7,13 +7,9 @@

 Listen 443

-# Use Mozilla recommended settings
-{% if ansible_os_family == "RedHat" and ansible_distribution_major_version|int >= 8 %}
+# generated 2022-10-30, Mozilla Guideline v5.6, Apache 2.4.37, OpenSSL 1.1.1k, modern configuration, no HSTS
+# https://ssl-config.mozilla.org/#server=apache&version=2.4.37&config=modern&openssl=1.1.1k&hsts=false&guideline=5.6
 SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1 -TLSv1.2
-{% else %}
-SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
-SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
-{% endif %}
 SSLHonorCipherOrder off
 SSLSessionTickets off