From 85d1973f5fafd66d3e021e2e3ae39b2344ebffc9 Mon Sep 17 00:00:00 2001 From: Timo Makinen Date: Tue, 8 Mar 2016 11:09:15 +0200 Subject: [PATCH] puppet: Remove old hard coded and dangerous cipher suite from puppet::server::passenger class. --- puppet/templates/passenger-httpd.conf.erb | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/puppet/templates/passenger-httpd.conf.erb b/puppet/templates/passenger-httpd.conf.erb index 7a209ab..c44ccc6 100644 --- a/puppet/templates/passenger-httpd.conf.erb +++ b/puppet/templates/passenger-httpd.conf.erb @@ -21,8 +21,9 @@ Listen 8140 # SSL settings SSLEngine on - SSLProtocol TLSv1 - SSLCipherSuite DHE-RSA-AES256-SHA + SSLProtocol all -SSLv2 -SSLv3 + SSLHonorCipherOrder On + SSLCipherSuite <%= scope.lookupvar('ssl::ciphersuites::default_ciphersuites') %> # Certificates and keys SSLCertificateFile <%= @puppet_ssldir %>/certs/<%= @homename %>.pem