From cea629a38070a87aef6240f7fa82823ee8bcb5ca Mon Sep 17 00:00:00 2001
From: Timo Makinen <tmakinen@foo.sh>
Date: Fri, 19 Dec 2014 12:36:18 +0200
Subject: [PATCH] apache: Use $ssl::ciphersuites::default_ciphersuites for SSL
 sites.

---
 apache/manifests/init.pp             | 1 +
 apache/templates/site.https.conf.erb | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/apache/manifests/init.pp b/apache/manifests/init.pp
index f8c1864..1742213 100644
--- a/apache/manifests/init.pp
+++ b/apache/manifests/init.pp
@@ -6,6 +6,7 @@ import "redhat.pp"
 class apache::common {
 
     include lsof
+    include ssl::ciphersuites
 
     case $::operatingsystem {
         debian,ubuntu: {
diff --git a/apache/templates/site.https.conf.erb b/apache/templates/site.https.conf.erb
index 48ff2da..9eb9649 100644
--- a/apache/templates/site.https.conf.erb
+++ b/apache/templates/site.https.conf.erb
@@ -22,7 +22,7 @@ SSLProtocol all -SSLv2 -SSLv3
 # List the ciphers that the client is permitted to negotiate.
 # See the mod_ssl documentation for a complete list.
 SSLHonorCipherOrder On
-SSLCipherSuite RC4-SHA:HIGH:!ADH
+SSLCipherSuite <%= scope.lookupvar('ssl::ciphersuites::default_ciphersuites') %>
 
 #   Server Certificate:
 # Point SSLCertificateFile at a PEM encoded certificate.  If