]> git.openstreetmap.org Git - chef.git/blobdiff - cookbooks/apache/templates/default/ssl.erb
apache: remove unneeded combined_extended hack for 20.04
[chef.git] / cookbooks / apache / templates / default / ssl.erb
index ffbbcbb5e7259e0ec5fbb48b8932a867048348ac..81afb3de55cff8182aa3a33a7361c5d6150bd6ba 100644 (file)
@@ -3,11 +3,7 @@
 SSLProtocol All -SSLv2 -SSLv3
 
 SSLHonorCipherOrder On
-SSLCipherSuite <%= node[:ssl][:ciphers] %>
-<% if node[:lsb][:release].to_f < 16.04 -%>
-
-SSLCertificateChainFile /etc/ssl/certs/letsencrypt.pem
-<% end -%>
+SSLCipherSuite <%= node[:ssl][:openssl_ciphers] %>
 
 SSLUseStapling On
 SSLStaplingResponderTimeout 5
@@ -17,4 +13,3 @@ SSLStaplingFakeTryLater off
 SSLStaplingCache shmcb:${APACHE_RUN_DIR}/ssl_ocspcache(512000)
 
 Header always set Strict-Transport-Security "<%= node[:ssl][:strict_transport_security] %>" "expr=%{HTTPS} == 'on'"
-Header always set Expect-CT "max-age=0, report-uri=\"https://openstreetmap.report-uri.com/r/d/ct/reportOnly\"" "expr=%{HTTPS} == 'on'