Remove the SSLv3 by default in the vhost resource.

cegeka · Oct 15, 2014 · c7b948a · c7b948a
1 parent 6462208
commit c7b948a
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 5 deletions.
diff --git a/manifests/resource/vhost.pp b/manifests/resource/vhost.pp
@@ -51,8 +51,8 @@
 #     Support. This is not generated by this module.
 #   [*ssl_port*]            - Default IP Port for NGINX to listen with this SSL
 #     vHost on. Defaults to TCP 443
-#   [*ssl_protocols*]       - SSL protocols enabled. Defaults to 'SSLv3 TLSv1
-#     TLSv1.1 TLSv1.2'.
+#   [*ssl_protocols*]       - SSL protocols enabled. Defaults to 'TLSv1 TLSv1.1
+#     TLSv1.2'.
 #   [*ssl_ciphers*]         - SSL ciphers enabled. Defaults to
 #     'HIGH:!aNULL:!MD5'.
 #   [*ssl_stapling*]        - Bool: Enables or disables stapling of OCSP
@@ -165,7 +165,7 @@
   $ssl_dhparam            = undef,
   $ssl_key                = undef,
   $ssl_port               = '443',
-  $ssl_protocols          = 'SSLv3 TLSv1 TLSv1.1 TLSv1.2',
+  $ssl_protocols          = 'TLSv1 TLSv1.1 TLSv1.2',
   $ssl_ciphers            = 'HIGH:!aNULL:!MD5',
   $ssl_cache              = 'shared:SSL:10m',
   $ssl_stapling           = false,

diff --git a/spec/defines/resource_vhost_spec.rb b/spec/defines/resource_vhost_spec.rb
@@ -441,8 +441,8 @@
         {
           :title => 'should set the SSL protocols',
           :attr  => 'ssl_protocols',
-          :value => 'SSLv3',
-          :match => %r'\s+ssl_protocols\s+SSLv3;',
+          :value => 'TLSv1',
+          :match => %r'\s+ssl_protocols\s+TLSv1;',
         },
         {
           :title => 'should set the SSL ciphers',