From c7b948a892594f62f81c42372ed92d61861af5a8 Mon Sep 17 00:00:00 2001 From: Derrick Dymock Date: Wed, 15 Oct 2014 10:52:31 -0700 Subject: [PATCH] Remove the SSLv3 by default in the vhost resource. --- manifests/resource/vhost.pp | 6 +++--- spec/defines/resource_vhost_spec.rb | 4 ++-- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/manifests/resource/vhost.pp b/manifests/resource/vhost.pp index ba607f3c5..2f4b6b2f8 100644 --- a/manifests/resource/vhost.pp +++ b/manifests/resource/vhost.pp @@ -51,8 +51,8 @@ # Support. This is not generated by this module. # [*ssl_port*] - Default IP Port for NGINX to listen with this SSL # vHost on. Defaults to TCP 443 -# [*ssl_protocols*] - SSL protocols enabled. Defaults to 'SSLv3 TLSv1 -# TLSv1.1 TLSv1.2'. +# [*ssl_protocols*] - SSL protocols enabled. Defaults to 'TLSv1 TLSv1.1 +# TLSv1.2'. # [*ssl_ciphers*] - SSL ciphers enabled. Defaults to # 'HIGH:!aNULL:!MD5'. # [*ssl_stapling*] - Bool: Enables or disables stapling of OCSP @@ -165,7 +165,7 @@ $ssl_dhparam = undef, $ssl_key = undef, $ssl_port = '443', - $ssl_protocols = 'SSLv3 TLSv1 TLSv1.1 TLSv1.2', + $ssl_protocols = 'TLSv1 TLSv1.1 TLSv1.2', $ssl_ciphers = 'HIGH:!aNULL:!MD5', $ssl_cache = 'shared:SSL:10m', $ssl_stapling = false, diff --git a/spec/defines/resource_vhost_spec.rb b/spec/defines/resource_vhost_spec.rb index 08a0b0142..fa687ee8f 100644 --- a/spec/defines/resource_vhost_spec.rb +++ b/spec/defines/resource_vhost_spec.rb @@ -441,8 +441,8 @@ { :title => 'should set the SSL protocols', :attr => 'ssl_protocols', - :value => 'SSLv3', - :match => %r'\s+ssl_protocols\s+SSLv3;', + :value => 'TLSv1', + :match => %r'\s+ssl_protocols\s+TLSv1;', }, { :title => 'should set the SSL ciphers',