abusesa: Use Mozilla's modern ciphersuites in services nginx config

abusesa/manifests/services.pp

@@ -51,6 +51,8 @@ class abusesa::services(
     content => "umask 007\n",
   }
 
+  include ssl::ciphersuites
+
   nginx::config { 'abusesa.conf':
     content => template('abusesa/services/nginx.conf.erb'),
   }

abusesa/templates/services/nginx.conf.erb

@@ -13,6 +13,12 @@ server {
     ssl_certificate_key <%= @puppet_ssldir %>/private_keys/<%= @homename %>.pem;
     ssl_client_certificate <%= @puppet_ssldir %>/certs/ca.pem;
 
+    ssl_protocols TLSv1.2;
+    ssl_ciphers <%= scope.lookupvar('ssl::ciphersuites::mozilla_modern_ciphersuites') %>;
+    ssl_prefer_server_ciphers on;
+
+    add_header Strict-Transport-Security max-age=15768000;
+
     proxy_buffering off;
 
 <% if @allow_dn -%>