commit c07297c42f88eb4d30c65178155719eff2ed4d8d
author Ales Komarek <ales.komarek@tcpcloud.eu> Fri Oct 14 16:43:09 2016 +0200
committer Ales Komarek <ales.komarek@tcpcloud.eu> Fri Oct 14 16:43:09 2016 +0200
tree cbc8920ce31d654c148c17b327c4fa20886f36e4
parent 98f7a4f02971cc3259724deff8e9d78ee2264ff1

Don't include ssl directives in lower versions of HA

haproxy/files/haproxy.cfg

diff --git a/haproxy/files/haproxy.cfg b/haproxy/files/haproxy.cfg
index ff0b75d..8156211 100644
--- a/haproxy/files/haproxy.cfg
+++ b/haproxy/files/haproxy.cfg
@@ -14,6 +14,7 @@
   tune.maxrewrite 1024
   tune.bufsize 32768
   maxconn  16000
+  {%- if salt['pkg.version']('haproxy')[:3] >= '1.6' %}
   # SSL options
   ca-base /etc/haproxy/ssl
   crt-base /etc/haproxy/ssl
@@ -22,6 +23,7 @@
   ssl-default-bind-options no-sslv3 no-tls-tickets
   ssl-default-server-ciphers ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS
   ssl-default-server-options no-sslv3 no-tls-tickets
+  {%- endif %}
 
 defaults
   log  global