Skip to content

Commit

Permalink
Merge pull request #1096 from alexjfisher/ssl_dhparam_default_from_ba…
Browse files Browse the repository at this point in the history
…se_class

Allow default ssl_dhparam to be set in base class
  • Loading branch information
wyardley authored Jul 27, 2017
2 parents 296cd55 + f8cbdf9 commit 0ec7162
Show file tree
Hide file tree
Showing 3 changed files with 4 additions and 3 deletions.
1 change: 1 addition & 0 deletions manifests/init.pp
Original file line number Diff line number Diff line change
Expand Up @@ -134,6 +134,7 @@
Integer $worker_rlimit_nofile = 1024,
$ssl_protocols = 'TLSv1 TLSv1.1 TLSv1.2',
$ssl_ciphers = 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS',
Optional[Stdlib::Unixpath] $ssl_dhparam = undef,

### START Package Configuration ###
$package_ensure = present,
Expand Down
2 changes: 1 addition & 1 deletion manifests/resource/mailhost.pp
Original file line number Diff line number Diff line change
Expand Up @@ -85,7 +85,7 @@
String $ssl_ciphers = $::nginx::ssl_ciphers,
Optional[String] $ssl_client_cert = undef,
Optional[String] $ssl_crl = undef,
Optional[String] $ssl_dhparam = undef,
Optional[String] $ssl_dhparam = $::nginx::ssl_dhparam,
Optional[String] $ssl_ecdh_curve = undef,
Optional[String] $ssl_key = undef,
Optional[String] $ssl_password_file = undef,
Expand Down
4 changes: 2 additions & 2 deletions manifests/resource/server.pp
Original file line number Diff line number Diff line change
Expand Up @@ -42,7 +42,7 @@
# [*ssl_verify_client*] - Enables verification of client certificates.
# [*ssl_crl*] - String: Specifies CRL path in file system
# [*ssl_dhparam*] - This directive specifies a file containing Diffie-Hellman key agreement protocol cryptographic
# parameters, in PEM format, utilized for exchanging session keys between server and client.
# parameters, in PEM format, utilized for exchanging session keys between server and client. Defaults to nginx::ssl_dhparam
# [*ssl_prefer_server_ciphers*] - String: Specifies that server ciphers should be preferred over client ciphers when using the SSLv3 and
# TLS protocols. Defaults to nginx::ssl_prefer_server_ciphers.
# [*ssl_redirect*] - Adds a server directive and return statement to force ssl redirect. Will honor ssl_port if it's set.
Expand Down Expand Up @@ -155,7 +155,7 @@
Optional[Variant[String, Boolean]] $ssl_cert = undef,
Optional[String] $ssl_client_cert = undef,
Optional[String] $ssl_verify_client = 'on',
Optional[String] $ssl_dhparam = undef,
Optional[String] $ssl_dhparam = $::nginx::ssl_dhparam,
Boolean $ssl_redirect = false,
Optional[Integer] $ssl_redirect_port = undef,
Optional[Variant[String, Boolean]] $ssl_key = undef,
Expand Down

0 comments on commit 0ec7162

Please sign in to comment.