]> git.openstreetmap.org Git - chef.git/blobdiff - cookbooks/apache/templates/default/ssl.erb
apache: remove unneeded combined_extended hack for 20.04
[chef.git] / cookbooks / apache / templates / default / ssl.erb
index 07f007c50d3951359f5129f9babbccee22a586a8..81afb3de55cff8182aa3a33a7361c5d6150bd6ba 100644 (file)
@@ -1,14 +1,15 @@
 # DO NOT EDIT - This file is being maintained by Chef
 
-SSLHonorCipherOrder On
-SSLCipherSuite aRSA+HIGH:+kEDH:+kRSA:!kSRP:!kPSK:+3DES:!MD5
+SSLProtocol All -SSLv2 -SSLv3
 
-SSLCertificateFile /etc/ssl/certs/<%= @certificate %>.pem
-SSLCertificateKeyFile /etc/ssl/private/<%= @certificate %>.key
-SSLCertificateChainFile /etc/ssl/certs/rapidssl.pem
-<% if node[:lsb][:release].to_f >= 14.04 -%>
+SSLHonorCipherOrder On
+SSLCipherSuite <%= node[:ssl][:openssl_ciphers] %>
 
 SSLUseStapling On
+SSLStaplingResponderTimeout 5
+SSLStaplingErrorCacheTimeout 60
 SSLStaplingReturnResponderErrors off
+SSLStaplingFakeTryLater off
 SSLStaplingCache shmcb:${APACHE_RUN_DIR}/ssl_ocspcache(512000)
-<% end -%>
+
+Header always set Strict-Transport-Security "<%= node[:ssl][:strict_transport_security] %>" "expr=%{HTTPS} == 'on'"