Support custom ssl ciphers
diff --git a/rabbitmq/files/rabbitmq.config b/rabbitmq/files/rabbitmq.config
index d030454..9ede2f3 100644
--- a/rabbitmq/files/rabbitmq.config
+++ b/rabbitmq/files/rabbitmq.config
@@ -26,6 +26,10 @@
{certfile,"{{ server.ssl.get('cert_file', '/etc/rabbitmq/ssl/cert.pem') }}"},
{keyfile,"{{ server.ssl.get('key_file', '/etc/rabbitmq/ssl/key.pem') }}"},
{verify,verify_{{ server.ssl.get('verify', 'peer') }}},
+ {versions, [{% if server.ssl.versions is defined %}{% for version in server.ssl.versions %}'{{ version }}'{% if not loop.last %},{% endif %}{% endfor %}{% else %}'tlsv1.2', 'tlsv1.1'{% endif %}]},
+ {%- if server.ssl.ciphers is defined %}
+ {ciphers,[{% for ciph in server.ssl.ciphers %}{ {{ ciph }} }{% if not loop.last %},{% endif %}{% endfor %}]},
+ {%- endif %}
{fail_if_no_peer_cert,false}]
}
{% endif %}
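Review bot: The fallback on the added `{versions, ...}` line enables `'tlsv1.1'` alongside `'tlsv1.2'` whenever `server.ssl.versions` is unset, so any deployment that never sets the pillar still accepts a protocol version deprecated by RFC 8996. The default should be `{% else %}'tlsv1.2'{% endif %}`, leaving older versions reachable only through an explicit pillar value. The new `ciphers` tuple is also emitted without `{honor_cipher_order,true},` and `{honor_ecc_order,true},`, so the client's preference still decides which suite from the list is used; adding both inside the same `{%- if server.ssl.ciphers is defined %}` block would make the pillar order binding. Each `ciph` is rendered unquoted inside `{ ... }`, which presumably expects the body of an Erlang cipher-suite tuple, so a Jinja comment above the loop such as `{#- each entry is the comma-separated body of an Erlang cipher tuple, rendered verbatim #}` would document that a malformed entry breaks the whole file. The `ssl_options` list this hunk edits opens above the visible lines.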
diff --git a/rabbitmq/server/service.sls b/rabbitmq/server/service.sls
index 143613e..f9094f3 100644
--- a/rabbitmq/server/service.sls
+++ b/rabbitmq/server/service.sls
@@ -16,6 +16,17 @@
- require:
- pkg: rabbitmq_packages
+{%- if server.ssl is defined %}
+rabbitmq_ssl:
+ file.directory:
+ - name: /etc/rabbitmq/ssl
+ - user: root
+ - group: rabbitmq
+ - mode: 750
+ - require:
+ - pkg: rabbitmq_packages
+{%- endif %}
+
{%- if grains.os_family == 'Debian' %}
rabbitmq_default_config: