Add default ssl parameters

When using mode 'strict' parameter in ssl configuration of
apache and nginx it is possible to configure apache and nginx
ssl parmeters directly from pillar, instead for parameters
hardcoded in jinja templates. So the default set of ssl parameters
for nginx and apache is placed under system.apache.server.ssl
and nginx.server.proxy.ssl classes, when both classses are included
to cluster level models and _param:nginx_proxy_ssl_enabled and
_param:apache_ssl_enabled are set to true, paremeters from both classes
eill be effective.

Change-Id: I6803c488b16adfe8dfff83f6f036e9358078d2e1
Related-Prod: https://mirantis.jira.com/browse/PROD-20921
diff --git a/apache/server/ssl.yml b/apache/server/ssl.yml
new file mode 100644
index 0000000..b720d5d
--- /dev/null
+++ b/apache/server/ssl.yml
@@ -0,0 +1,112 @@
+parameters:
+  _param:
+    apache_ssl_enabled: false
+    apache_ssl:
+      mode: 'strict'
+      enabled: ${_param:apache_ssl_enabled}
+      engine: salt
+      prefer_server_ciphers: "on"
+      protocols:
+        all:
+          name: 'all'
+          enabled: True
+        excludeSSLv2:
+          name: '-SSLv2'
+          enabled: True
+        excludeSSLv3:
+          name: '-SSLv3'
+          enabled: True
+      ciphers:
+        ECDHE-ECDSA-CHACHA20-POLY1305:
+          name: 'ECDHE-ECDSA-CHACHA20-POLY1305'
+          enabled: True
+        ECDHE-RSA-CHACHA20-POLY1305:
+          name: 'ECDHE-RSA-CHACHA20-POLY1305'
+          enabled: True
+        ECDHE-ECDSA-AES128-GCM-SHA256:
+          name: 'ECDHE-ECDSA-AES128-GCM-SHA256'
+          enabled: True
+        ECDHE-RSA-AES128-GCM-SHA256:
+          name: 'ECDHE-RSA-AES128-GCM-SHA256'
+          enabled: True
+        ECDHE-ECDSA-AES256-GCM-SHA384:
+          name: 'ECDHE-ECDSA-AES256-GCM-SHA384'
+          enabled: True
+        ECDHE-RSA-AES256-GCM-SHA384:
+          name: 'ECDHE-RSA-AES256-GCM-SHA384'
+          enabled: True
+        DHE-RSA-AES128-GCM-SHA256:
+          name: 'DHE-RSA-AES128-GCM-SHA256'
+          enabled: True
+        DHE-RSA-AES256-GCM-SHA384:
+          name: 'DHE-RSA-AES256-GCM-SHA384'
+          enabled: True
+        ECDHE-ECDSA-AES128-SHA256:
+          name: 'ECDHE-ECDSA-AES128-SHA256'
+          enabled: True
+        ECDHE-RSA-AES128-SHA256:
+          name: 'ECDHE-RSA-AES128-SHA256'
+          enabled: True
+        ECDHE-ECDSA-AES128-SHA:
+          name: 'ECDHE-ECDSA-AES128-SHA'
+          enabled: True
+        ECDHE-RSA-AES256-SHA384:
+          name: 'ECDHE-RSA-AES256-SHA384'
+          enabled: True
+        ECDHE-RSA-AES128-SHA:
+          name: 'ECDHE-RSA-AES128-SHA'
+          enabled: True
+        ECDHE-ECDSA-AES256-SHA384:
+          name: 'ECDHE-ECDSA-AES256-SHA384'
+          enabled: True
+        ECDHE-ECDSA-AES256-SHA:
+          name: 'ECDHE-ECDSA-AES256-SHA'
+          enabled: True
+        ECDHE-RSA-AES256-SHA:
+          name: 'ECDHE-RSA-AES256-SHA'
+          enabled: True
+        DHE-RSA-AES128-SHA256:
+          name: 'DHE-RSA-AES128-SHA256'
+          enabled: True
+        DHE-RSA-AES128-SHA:
+          name: 'DHE-RSA-AES128-SHA'
+          enabled: True
+        DHE-RSA-AES256-SHA256:
+          name: 'DHE-RSA-AES256-SHA256'
+          enabled: True
+        DHE-RSA-AES256-SHA:
+          name: 'DHE-RSA-AES256-SHA'
+          enabled: True
+        ECDHE-ECDSA-DES-CBC3-SHA:
+          name: 'ECDHE-ECDSA-DES-CBC3-SHA'
+          enabled: True
+        ECDHE-RSA-DES-CBC3-SHA:
+          name: 'ECDHE-RSA-DES-CBC3-SHA'
+          enabled: True
+        EDH-RSA-DES-CBC3-SHA:
+          name: 'EDH-RSA-DES-CBC3-SHA'
+          enabled: True
+        AES128-GCM-SHA256:
+          name: 'AES128-GCM-SHA256'
+          enabled: True
+        AES256-GCM-SHA384:
+          name: 'AES256-GCM-SHA384'
+          enabled: True
+        AES128-SHA256:
+          name: 'AES128-SHA256'
+          enabled: True
+        AES256-SHA256:
+          name: 'AES256-SHA256'
+          enabled: True
+        AES256-SHA:
+          name: 'AES256-SHA'
+          enabled: True
+        AES128-SHA:
+          name: 'AES128-SHA'
+          enabled: True
+        DES-CBC3-SHA:
+          name: 'DES-CBC3-SHA'
+          enabled: True
+        removeDSS:
+          name: '!DSS'
+          enabled: True
\ No newline at end of file