dustin/configpolicy
1
1
Fork 0
Code Issues Releases Activity

roles/haproxy: Add support for Debian hosts

Browse Source 
Debian does not support system-wide SSL cipher suite profiles of course,
so these options need to be specified explicitly when deploying HAProxy
on Debian-based machines.
This commit is contained in:
Dustin
2019-03-22 09:24:05 -05:00
parent ceb56edf06
commit 909c8e7a03
5 changed files with 19 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
roles/haproxy/vars/Debian.yml Normal file
View File

@@ -0,0 +1,2 @@
haproxy_ssl_default_bind_options: no-sslv3
haproxy_default_ssl_default_ciphers: ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS

2
roles/haproxy/vars/defaults.yml Normal file
View File

@@ -0,0 +1,2 @@
haproxy_default_ssl_default_ciphers: PROFILE=SYSTEM
haproxy_default_ssl_default_server_ciphers: PROFILE=SYSTEM