globally define tls version and ciphers

Timo Makinen 2019-05-20 23:33:40 +03:00
parent 7c0c59a187
commit de148708a9
3 changed files with 11 additions and 2 deletions


@ -1,3 +1,9 @@
--- ---
# mail settings
mail_server: mail.foo.sh mail_server: mail.foo.sh
mail_domain: foo.sh mail_domain: foo.sh
# tls protocols and ciphers
tls_protocols: TLSv1.2
tls_ciphers: ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
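Review bot: The last four entries of `tls_ciphers` (`ECDHE-ECDSA-AES256-SHA384` through `ECDHE-RSA-AES128-SHA256`) are CBC-mode suites, and making the list global now applies them to the stunnel rsync service as well as nginx. If every client can negotiate AES-GCM or ChaCha20-Poly1305, which seems likely for the certificate-verified stunnel peers but is not visible here, ending the list at `ECDHE-RSA-AES128-GCM-SHA256` would leave only AEAD suites. If the CBC entries are kept for an older client, a comment naming that client would let a later reader know when they can be removed.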


@ -18,8 +18,8 @@ http {
ssl on; ssl on;
ssl_session_cache builtin:1000 shared:SSL:10m; ssl_session_cache builtin:1000 shared:SSL:10m;
ssl_protocols TLSv1.2; ssl_protocols {{ tls_protocols }};
ssl_ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256; ssl_ciphers {{ tls_ciphers }};
ssl_prefer_server_ciphers on; ssl_prefer_server_ciphers on;
server { server {


@ -6,5 +6,8 @@ client = no
verify = 2 verify = 2
CAfile = /etc/pki/tls/certs/ca.crt CAfile = /etc/pki/tls/certs/ca.crt
sslVersion = {{ tls_protocols }}
ciphers = {{ tls_ciphers }}
exec = /usr/bin/rsync exec = /usr/bin/rsync
execargs = rsync --daemon --config=/etc/rsyncd.conf execargs = rsync --daemon --config=/etc/rsyncd.conf
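Review bot: `sslVersion = {{ tls_protocols }}` accepts a single protocol name, whereas the nginx `ssl_protocols` directive fed from the same variable accepts a space-separated list. A later change to something like `TLSv1.2 TLSv1.3` would render a valid nginx config and a stunnel config that fails to load, and as written the variable pins stunnel to exactly one version. Either document this next to the variable, e.g. `# single protocol name only: also rendered into stunnel sslVersion`, or give stunnel its own minimum-version variable (on builds that support it, `sslVersionMin = {{ tls_min_version }}`, variable name illustrative). The service section header sits above this hunk, so whether these options land at service or global scope cannot be confirmed from here.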