Gitiles
Code Review Sign In
gerrit.mcp.mirantis.com / salt-models / reclass-system / 1988495a0eab78ff269677a3d884e2a61c339e92 / . / nginx / server / proxy / ssl.yml
blob: fdd95a580423659dd000903d746599e6c70308c9 [file] [log] [blame]
Mykyta Karpin6dc8dab2018-07-31 16:54:12 +0300[diff] [blame]1parameters:
2 _param:
3 nginx_proxy_ssl_enabled: false
4 nginx_proxy_ssl:
5 mode: 'strict'
6 enabled: ${_param:nginx_proxy_ssl_enabled}
7 engine: salt
8 dhparam:
9 enabled: True
10 numbits: 2048
Mykyta Karpin6dc8dab2018-07-31 16:54:12 +0300[diff] [blame]11 prefer_server_ciphers: "on"
12 protocols:
13 TLSv1:
14 name: 'TLSv1'
Oleksandr Shyshkoa5f8d082019-05-23 17:44:28 +0300[diff] [blame]15 enabled: False
Mykyta Karpin6dc8dab2018-07-31 16:54:12 +0300[diff] [blame]16 TLSv1.1:
17 name: 'TLSv1.1'
Oleksandr Shyshkoa5f8d082019-05-23 17:44:28 +0300[diff] [blame]18 enabled: False
Mykyta Karpin6dc8dab2018-07-31 16:54:12 +0300[diff] [blame]19 TLSv1.2:
20 name: 'TLSv1.2'
21 enabled: True
22 stapling: "on"
23 stapling_verify: "on"
24 ciphers:
25 ECDHE-ECDSA-CHACHA20-POLY1305:
26 name: 'ECDHE-ECDSA-CHACHA20-POLY1305'
Oleksandr Shyshkoa5f8d082019-05-23 17:44:28 +0300[diff] [blame]27 enabled: False
Mykyta Karpin6dc8dab2018-07-31 16:54:12 +0300[diff] [blame]28 ECDHE-RSA-CHACHA20-POLY1305:
29 name: 'ECDHE-RSA-CHACHA20-POLY1305'
Oleksandr Shyshkoa5f8d082019-05-23 17:44:28 +0300[diff] [blame]30 enabled: False
Mykyta Karpin6dc8dab2018-07-31 16:54:12 +0300[diff] [blame]31 ECDHE-ECDSA-AES128-GCM-SHA256:
32 name: 'ECDHE-ECDSA-AES128-GCM-SHA256'
Oleksandr Shyshkoa5f8d082019-05-23 17:44:28 +0300[diff] [blame]33 enabled: False
Mykyta Karpin6dc8dab2018-07-31 16:54:12 +0300[diff] [blame]34 ECDHE-RSA-AES128-GCM-SHA256:
35 name: 'ECDHE-RSA-AES128-GCM-SHA256'
Oleksandr Shyshkoa5f8d082019-05-23 17:44:28 +0300[diff] [blame]36 enabled: False
Mykyta Karpin6dc8dab2018-07-31 16:54:12 +0300[diff] [blame]37 ECDHE-ECDSA-AES256-GCM-SHA384:
38 name: 'ECDHE-ECDSA-AES256-GCM-SHA384'
39 enabled: True
40 ECDHE-RSA-AES256-GCM-SHA384:
41 name: 'ECDHE-RSA-AES256-GCM-SHA384'
42 enabled: True
43 DHE-RSA-AES128-GCM-SHA256:
44 name: 'DHE-RSA-AES128-GCM-SHA256'
Oleksandr Shyshkoa5f8d082019-05-23 17:44:28 +0300[diff] [blame]45 enabled: False
Mykyta Karpin6dc8dab2018-07-31 16:54:12 +0300[diff] [blame]46 DHE-RSA-AES256-GCM-SHA384:
47 name: 'DHE-RSA-AES256-GCM-SHA384'
Oleksandr Shyshkoa5f8d082019-05-23 17:44:28 +0300[diff] [blame]48 enabled: False
Mykyta Karpin6dc8dab2018-07-31 16:54:12 +0300[diff] [blame]49 ECDHE-ECDSA-AES128-SHA256:
50 name: 'ECDHE-ECDSA-AES128-SHA256'
Oleksandr Shyshkoa5f8d082019-05-23 17:44:28 +0300[diff] [blame]51 enabled: False
Mykyta Karpin6dc8dab2018-07-31 16:54:12 +0300[diff] [blame]52 ECDHE-RSA-AES128-SHA256:
53 name: 'ECDHE-RSA-AES128-SHA256'
Oleksandr Shyshkoa5f8d082019-05-23 17:44:28 +0300[diff] [blame]54 enabled: False
Mykyta Karpin6dc8dab2018-07-31 16:54:12 +0300[diff] [blame]55 ECDHE-ECDSA-AES128-SHA:
56 name: 'ECDHE-ECDSA-AES128-SHA'
Oleksandr Shyshkoa5f8d082019-05-23 17:44:28 +0300[diff] [blame]57 enabled: False
Mykyta Karpin6dc8dab2018-07-31 16:54:12 +0300[diff] [blame]58 ECDHE-RSA-AES256-SHA384:
59 name: 'ECDHE-RSA-AES256-SHA384'
60 enabled: True
61 ECDHE-RSA-AES128-SHA:
62 name: 'ECDHE-RSA-AES128-SHA'
Oleksandr Shyshkoa5f8d082019-05-23 17:44:28 +0300[diff] [blame]63 enabled: False
Mykyta Karpin6dc8dab2018-07-31 16:54:12 +0300[diff] [blame]64 ECDHE-ECDSA-AES256-SHA384:
65 name: 'ECDHE-ECDSA-AES256-SHA384'
66 enabled: True
67 ECDHE-ECDSA-AES256-SHA:
68 name: 'ECDHE-ECDSA-AES256-SHA'
Oleksandr Shyshkoa5f8d082019-05-23 17:44:28 +0300[diff] [blame]69 enabled: False
Mykyta Karpin6dc8dab2018-07-31 16:54:12 +0300[diff] [blame]70 ECDHE-RSA-AES256-SHA:
71 name: 'ECDHE-RSA-AES256-SHA'
Oleksandr Shyshkoa5f8d082019-05-23 17:44:28 +0300[diff] [blame]72 enabled: False
Mykyta Karpin6dc8dab2018-07-31 16:54:12 +0300[diff] [blame]73 DHE-RSA-AES128-SHA256:
74 name: 'DHE-RSA-AES128-SHA256'
Oleksandr Shyshkoa5f8d082019-05-23 17:44:28 +0300[diff] [blame]75 enabled: False
Mykyta Karpin6dc8dab2018-07-31 16:54:12 +0300[diff] [blame]76 DHE-RSA-AES128-SHA:
77 name: 'DHE-RSA-AES128-SHA'
Oleksandr Shyshkoa5f8d082019-05-23 17:44:28 +0300[diff] [blame]78 enabled: False
Mykyta Karpin6dc8dab2018-07-31 16:54:12 +0300[diff] [blame]79 DHE-RSA-AES256-SHA256:
80 name: 'DHE-RSA-AES256-SHA256'
Oleksandr Shyshkoa5f8d082019-05-23 17:44:28 +0300[diff] [blame]81 enabled: False
Mykyta Karpin6dc8dab2018-07-31 16:54:12 +0300[diff] [blame]82 DHE-RSA-AES256-SHA:
83 name: 'DHE-RSA-AES256-SHA'
Oleksandr Shyshkoa5f8d082019-05-23 17:44:28 +0300[diff] [blame]84 enabled: False
Mykyta Karpin6dc8dab2018-07-31 16:54:12 +0300[diff] [blame]85 ECDHE-ECDSA-DES-CBC3-SHA:
86 name: 'ECDHE-ECDSA-DES-CBC3-SHA'
Oleksandr Shyshkoa5f8d082019-05-23 17:44:28 +0300[diff] [blame]87 enabled: False
Mykyta Karpin6dc8dab2018-07-31 16:54:12 +0300[diff] [blame]88 ECDHE-RSA-DES-CBC3-SHA:
89 name: 'ECDHE-RSA-DES-CBC3-SHA'
Oleksandr Shyshkoa5f8d082019-05-23 17:44:28 +0300[diff] [blame]90 enabled: False
Mykyta Karpin6dc8dab2018-07-31 16:54:12 +0300[diff] [blame]91 EDH-RSA-DES-CBC3-SHA:
92 name: 'EDH-RSA-DES-CBC3-SHA'
Oleksandr Shyshkoa5f8d082019-05-23 17:44:28 +0300[diff] [blame]93 enabled: False
Mykyta Karpin6dc8dab2018-07-31 16:54:12 +0300[diff] [blame]94 AES128-GCM-SHA256:
95 name: 'AES128-GCM-SHA256'
Oleksandr Shyshkoa5f8d082019-05-23 17:44:28 +0300[diff] [blame]96 enabled: False
Mykyta Karpin6dc8dab2018-07-31 16:54:12 +0300[diff] [blame]97 AES256-GCM-SHA384:
98 name: 'AES256-GCM-SHA384'
Oleksandr Shyshkoa5f8d082019-05-23 17:44:28 +0300[diff] [blame]99 enabled: False
Mykyta Karpin6dc8dab2018-07-31 16:54:12 +0300[diff] [blame]100 AES128-SHA256:
101 name: 'AES128-SHA256'
Oleksandr Shyshkoa5f8d082019-05-23 17:44:28 +0300[diff] [blame]102 enabled: False
Mykyta Karpin6dc8dab2018-07-31 16:54:12 +0300[diff] [blame]103 AES256-SHA256:
104 name: 'AES256-SHA256'
Oleksandr Shyshkoa5f8d082019-05-23 17:44:28 +0300[diff] [blame]105 enabled: False
Mykyta Karpin6dc8dab2018-07-31 16:54:12 +0300[diff] [blame]106 AES256-SHA:
107 name: 'AES256-SHA'
Oleksandr Shyshkoa5f8d082019-05-23 17:44:28 +0300[diff] [blame]108 enabled: False
Mykyta Karpin6dc8dab2018-07-31 16:54:12 +0300[diff] [blame]109 AES128-SHA:
110 name: 'AES128-SHA'
Oleksandr Shyshkoa5f8d082019-05-23 17:44:28 +0300[diff] [blame]111 enabled: False
Mykyta Karpin6dc8dab2018-07-31 16:54:12 +0300[diff] [blame]112 DES-CBC3-SHA:
113 name: 'DES-CBC3-SHA'
Oleksandr Shyshkoa5f8d082019-05-23 17:44:28 +0300[diff] [blame]114 enabled: False
Mykyta Karpin6dc8dab2018-07-31 16:54:12 +0300[diff] [blame]115 removeDSS:
116 name: '!DSS'
Oleksandr Shyshkoa5f8d082019-05-23 17:44:28 +0300[diff] [blame]117 enabled: True