From 66c25d20b8571e29460a46e8d67984d4944ffb05 Mon Sep 17 00:00:00 2001
From: Timo Makinen <tmakinen@foo.sh>
Date: Sat, 15 Jun 2024 20:57:58 +0000
Subject: [PATCH] nginx_site: Disable support for custom tls config

---
 roles/nginx_site/templates/site.conf.j2 | 7 -------
 1 file changed, 7 deletions(-)

diff --git a/roles/nginx_site/templates/site.conf.j2 b/roles/nginx_site/templates/site.conf.j2
index eaf21e4..afc3dae 100644
--- a/roles/nginx_site/templates/site.conf.j2
+++ b/roles/nginx_site/templates/site.conf.j2
@@ -20,13 +20,6 @@ server {
 
     add_header Strict-Transport-Security "max-age=63072000" always;
 
-{% if nginx_site_ssl_config is defined %}
-{%   if nginx_site_ssl_config == "old" %}
-    ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
-    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA256:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA;
-    ssl_prefer_server_ciphers on;
-{%   endif %}
-{% endif %}
     ssl_certificate {{ tls_certs }}/{{ nginx_site_name }}-fullchain.crt;
     ssl_certificate_key {{ tls_private }}/{{ nginx_site_name }}.key;