diff --git a/manifests/init.pp b/manifests/init.pp index e4b1d6d2f..1c1f9607a 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -134,6 +134,7 @@ Integer $worker_rlimit_nofile = 1024, $ssl_protocols = 'TLSv1 TLSv1.1 TLSv1.2', $ssl_ciphers = 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS', + Optional[Stdlib::Unixpath] $ssl_dhparam = undef, ### START Package Configuration ### $package_ensure = present, diff --git a/manifests/resource/mailhost.pp b/manifests/resource/mailhost.pp index b2b3466a0..6b508ee27 100644 --- a/manifests/resource/mailhost.pp +++ b/manifests/resource/mailhost.pp @@ -85,7 +85,7 @@ String $ssl_ciphers = $::nginx::ssl_ciphers, Optional[String] $ssl_client_cert = undef, Optional[String] $ssl_crl = undef, - Optional[String] $ssl_dhparam = undef, + Optional[String] $ssl_dhparam = $::nginx::ssl_dhparam, Optional[String] $ssl_ecdh_curve = undef, Optional[String] $ssl_key = undef, Optional[String] $ssl_password_file = undef, diff --git a/manifests/resource/server.pp b/manifests/resource/server.pp index 0fe501901..ba9ee4205 100644 --- a/manifests/resource/server.pp +++ b/manifests/resource/server.pp 
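Review bot: The new class parameter `$ssl_dhparam` in init.pp defaults to `undef` while the default `$ssl_ciphers` just above it still lists DHE-RSA suites, and init.pp has only this one hunk, so the commit adds no documentation for the parameter. On nginx 1.11.0 and later, DHE suites are not offered unless `ssl_dhparam` is set, and older releases fall back to built-in parameters. The docs should therefore say that the file is needed for the DHE entries to take effect and should hold parameters of 2048 bits or more. I would add a header entry such as `# [*ssl_dhparam*] - Absolute path to a PEM file with Diffie-Hellman parameters; default for nginx::resource::server and nginx::resource::mailhost.` The parameter list continues outside the hunk.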
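Review bot: `$ssl_dhparam` stays `Optional[String]` in the mailhost.pp hunk (and in the second server.pp hunk), while the class-level parameter it now defaults to is `Optional[Stdlib::Unixpath]`, so a per-resource override skips the absolute-path check that the class value gets. If relative paths are not meant to be supported, declare it as `Optional[Stdlib::Unixpath] $ssl_dhparam = $::nginx::ssl_dhparam,` in both defines. That would reject values existing callers may already pass, so it probably needs a changelog entry. mailhost.pp also has no documentation hunk matching the `Defaults to nginx::ssl_dhparam` text added in server.pp. The parameter list starts and ends outside the hunk.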
@@ -42,7 +42,7 @@
 # [*ssl_verify_client*] - Enables verification of client certificates.
 # [*ssl_crl*] - String: Specifies CRL path in file system
 # [*ssl_dhparam*] - This directive specifies a file containing Diffie-Hellman key agreement protocol cryptographic
-# parameters, in PEM format, utilized for exchanging session keys between server and client.
+# parameters, in PEM format, utilized for exchanging session keys between server and client. Defaults to nginx::ssl_dhparam
 # [*ssl_prefer_server_ciphers*] - String: Specifies that server ciphers should be preferred over client ciphers when using the SSLv3 and
 # TLS protocols. Defaults to nginx::ssl_prefer_server_ciphers.
 # [*ssl_redirect*] - Adds a server directive and return statement to force ssl redirect. Will honor ssl_port if it's set.
@@ -155,7 +155,7 @@
 Optional[Variant[String, Boolean]] $ssl_cert = undef,
 Optional[String] $ssl_client_cert = undef,
 Optional[String] $ssl_verify_client = 'on',
- Optional[String] $ssl_dhparam = undef,
+ Optional[String] $ssl_dhparam = $::nginx::ssl_dhparam,
 Boolean $ssl_redirect = false,
 Optional[Integer] $ssl_redirect_port = undef,
 Optional[Variant[String, Boolean]] $ssl_key = undef,
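Review bot: With the default changed to `$::nginx::ssl_dhparam` in the second server.pp hunk, a single server can no longer leave the parameter unset once the class value is set, because passing `undef` to a Puppet parameter selects its default. The template is not visible here, but it presumably emits `ssl_dhparam` whenever the value is set, so every SSL server would then reference the same file and a wrong path would affect all of them at reload. If that is intended, the `[*ssl_dhparam*]` entry should say so, for example `Defaults to nginx::ssl_dhparam; once the class value is set it applies to every server.` The same holds for the mailhost.pp hunk. The parameter list starts and ends outside the hunk.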