Gitiles
Code Review Sign In
gerrit.mcp.mirantis.com / salt-models / reclass-system / 4b440ce701153d3f814607ee7c97159bf5cc1ed0 / . / apache / server / ssl.yml
blob: a4eedbf01939e9328c92d9fa81d46bcd3ffae5f0 [file] [log] [blame]
Mykyta Karpin6dc8dab2018-07-31 16:54:12 +0300[diff] [blame]1parameters:
2 _param:
3 apache_ssl_enabled: false
4 apache_ssl:
5 mode: 'strict'
6 enabled: ${_param:apache_ssl_enabled}
7 engine: salt
8 prefer_server_ciphers: "on"
9 protocols:
10 all:
11 name: 'all'
12 enabled: True
13 excludeSSLv2:
14 name: '-SSLv2'
15 enabled: True
16 excludeSSLv3:
17 name: '-SSLv3'
18 enabled: True
Oleksandr Shyshko2b2c3042019-02-08 13:35:24 +0000[diff] [blame]19 excludeTLSv1:
20 name: '-TLSv1'
21 enabled: True
22 excludeTLSv1.1:
23 name: '-TLSv1.1'
24 enabled: True
Mykyta Karpin6dc8dab2018-07-31 16:54:12 +0300[diff] [blame]25 ciphers:
26 ECDHE-ECDSA-CHACHA20-POLY1305:
27 name: 'ECDHE-ECDSA-CHACHA20-POLY1305'
Oleksandr Shyshko2b2c3042019-02-08 13:35:24 +0000[diff] [blame]28 enabled: False
Mykyta Karpin6dc8dab2018-07-31 16:54:12 +0300[diff] [blame]29 ECDHE-RSA-CHACHA20-POLY1305:
30 name: 'ECDHE-RSA-CHACHA20-POLY1305'
Oleksandr Shyshko2b2c3042019-02-08 13:35:24 +0000[diff] [blame]31 enabled: False
Mykyta Karpin6dc8dab2018-07-31 16:54:12 +0300[diff] [blame]32 ECDHE-ECDSA-AES128-GCM-SHA256:
33 name: 'ECDHE-ECDSA-AES128-GCM-SHA256'
Oleksandr Shyshko2b2c3042019-02-08 13:35:24 +0000[diff] [blame]34 enabled: False
Mykyta Karpin6dc8dab2018-07-31 16:54:12 +0300[diff] [blame]35 ECDHE-RSA-AES128-GCM-SHA256:
36 name: 'ECDHE-RSA-AES128-GCM-SHA256'
Oleksandr Shyshko2b2c3042019-02-08 13:35:24 +0000[diff] [blame]37 enabled: False
Mykyta Karpin6dc8dab2018-07-31 16:54:12 +0300[diff] [blame]38 ECDHE-ECDSA-AES256-GCM-SHA384:
39 name: 'ECDHE-ECDSA-AES256-GCM-SHA384'
40 enabled: True
41 ECDHE-RSA-AES256-GCM-SHA384:
42 name: 'ECDHE-RSA-AES256-GCM-SHA384'
43 enabled: True
44 DHE-RSA-AES128-GCM-SHA256:
45 name: 'DHE-RSA-AES128-GCM-SHA256'
Oleksandr Shyshko2b2c3042019-02-08 13:35:24 +0000[diff] [blame]46 enabled: False
Mykyta Karpin6dc8dab2018-07-31 16:54:12 +0300[diff] [blame]47 DHE-RSA-AES256-GCM-SHA384:
48 name: 'DHE-RSA-AES256-GCM-SHA384'
Oleksandr Shyshko2b2c3042019-02-08 13:35:24 +0000[diff] [blame]49 enabled: False
Mykyta Karpin6dc8dab2018-07-31 16:54:12 +0300[diff] [blame]50 ECDHE-ECDSA-AES128-SHA256:
51 name: 'ECDHE-ECDSA-AES128-SHA256'
Oleksandr Shyshko2b2c3042019-02-08 13:35:24 +0000[diff] [blame]52 enabled: False
Mykyta Karpin6dc8dab2018-07-31 16:54:12 +0300[diff] [blame]53 ECDHE-RSA-AES128-SHA256:
54 name: 'ECDHE-RSA-AES128-SHA256'
Oleksandr Shyshko2b2c3042019-02-08 13:35:24 +0000[diff] [blame]55 enabled: False
Mykyta Karpin6dc8dab2018-07-31 16:54:12 +0300[diff] [blame]56 ECDHE-ECDSA-AES128-SHA:
57 name: 'ECDHE-ECDSA-AES128-SHA'
Oleksandr Shyshko2b2c3042019-02-08 13:35:24 +0000[diff] [blame]58 enabled: False
Mykyta Karpin6dc8dab2018-07-31 16:54:12 +0300[diff] [blame]59 ECDHE-RSA-AES256-SHA384:
60 name: 'ECDHE-RSA-AES256-SHA384'
61 enabled: True
62 ECDHE-RSA-AES128-SHA:
63 name: 'ECDHE-RSA-AES128-SHA'
Oleksandr Shyshko2b2c3042019-02-08 13:35:24 +0000[diff] [blame]64 enabled: False
Mykyta Karpin6dc8dab2018-07-31 16:54:12 +0300[diff] [blame]65 ECDHE-ECDSA-AES256-SHA384:
66 name: 'ECDHE-ECDSA-AES256-SHA384'
67 enabled: True
68 ECDHE-ECDSA-AES256-SHA:
69 name: 'ECDHE-ECDSA-AES256-SHA'
Oleksandr Shyshko2b2c3042019-02-08 13:35:24 +0000[diff] [blame]70 enabled: False
Mykyta Karpin6dc8dab2018-07-31 16:54:12 +0300[diff] [blame]71 ECDHE-RSA-AES256-SHA:
72 name: 'ECDHE-RSA-AES256-SHA'
Oleksandr Shyshko2b2c3042019-02-08 13:35:24 +0000[diff] [blame]73 enabled: False
Mykyta Karpin6dc8dab2018-07-31 16:54:12 +0300[diff] [blame]74 DHE-RSA-AES128-SHA256:
75 name: 'DHE-RSA-AES128-SHA256'
Oleksandr Shyshko2b2c3042019-02-08 13:35:24 +0000[diff] [blame]76 enabled: False
Mykyta Karpin6dc8dab2018-07-31 16:54:12 +0300[diff] [blame]77 DHE-RSA-AES128-SHA:
78 name: 'DHE-RSA-AES128-SHA'
Oleksandr Shyshko2b2c3042019-02-08 13:35:24 +0000[diff] [blame]79 enabled: False
Mykyta Karpin6dc8dab2018-07-31 16:54:12 +0300[diff] [blame]80 DHE-RSA-AES256-SHA256:
81 name: 'DHE-RSA-AES256-SHA256'
Oleksandr Shyshko2b2c3042019-02-08 13:35:24 +0000[diff] [blame]82 enabled: False
Mykyta Karpin6dc8dab2018-07-31 16:54:12 +0300[diff] [blame]83 DHE-RSA-AES256-SHA:
84 name: 'DHE-RSA-AES256-SHA'
Oleksandr Shyshko2b2c3042019-02-08 13:35:24 +0000[diff] [blame]85 enabled: False
Mykyta Karpin6dc8dab2018-07-31 16:54:12 +0300[diff] [blame]86 ECDHE-ECDSA-DES-CBC3-SHA:
87 name: 'ECDHE-ECDSA-DES-CBC3-SHA'
Oleksandr Shyshko2b2c3042019-02-08 13:35:24 +0000[diff] [blame]88 enabled: False
Mykyta Karpin6dc8dab2018-07-31 16:54:12 +0300[diff] [blame]89 ECDHE-RSA-DES-CBC3-SHA:
90 name: 'ECDHE-RSA-DES-CBC3-SHA'
Oleksandr Shyshko2b2c3042019-02-08 13:35:24 +0000[diff] [blame]91 enabled: False
Mykyta Karpin6dc8dab2018-07-31 16:54:12 +0300[diff] [blame]92 EDH-RSA-DES-CBC3-SHA:
93 name: 'EDH-RSA-DES-CBC3-SHA'
Oleksandr Shyshko2b2c3042019-02-08 13:35:24 +0000[diff] [blame]94 enabled: False
Mykyta Karpin6dc8dab2018-07-31 16:54:12 +0300[diff] [blame]95 AES128-GCM-SHA256:
96 name: 'AES128-GCM-SHA256'
Oleksandr Shyshko2b2c3042019-02-08 13:35:24 +0000[diff] [blame]97 enabled: False
Mykyta Karpin6dc8dab2018-07-31 16:54:12 +0300[diff] [blame]98 AES256-GCM-SHA384:
99 name: 'AES256-GCM-SHA384'
Oleksandr Shyshko2b2c3042019-02-08 13:35:24 +0000[diff] [blame]100 enabled: False
Mykyta Karpin6dc8dab2018-07-31 16:54:12 +0300[diff] [blame]101 AES128-SHA256:
102 name: 'AES128-SHA256'
Oleksandr Shyshko2b2c3042019-02-08 13:35:24 +0000[diff] [blame]103 enabled: False
Mykyta Karpin6dc8dab2018-07-31 16:54:12 +0300[diff] [blame]104 AES256-SHA256:
105 name: 'AES256-SHA256'
Oleksandr Shyshko2b2c3042019-02-08 13:35:24 +0000[diff] [blame]106 enabled: False
Mykyta Karpin6dc8dab2018-07-31 16:54:12 +0300[diff] [blame]107 AES256-SHA:
108 name: 'AES256-SHA'
Oleksandr Shyshko2b2c3042019-02-08 13:35:24 +0000[diff] [blame]109 enabled: False
Mykyta Karpin6dc8dab2018-07-31 16:54:12 +0300[diff] [blame]110 AES128-SHA:
111 name: 'AES128-SHA'
Oleksandr Shyshko2b2c3042019-02-08 13:35:24 +0000[diff] [blame]112 enabled: False
Mykyta Karpin6dc8dab2018-07-31 16:54:12 +0300[diff] [blame]113 DES-CBC3-SHA:
114 name: 'DES-CBC3-SHA'
Oleksandr Shyshko2b2c3042019-02-08 13:35:24 +0000[diff] [blame]115 enabled: False
Mykyta Karpin6dc8dab2018-07-31 16:54:12 +0300[diff] [blame]116 removeDSS:
117 name: '!DSS'
Oleksandr Shyshko2b2c3042019-02-08 13:35:24 +0000[diff] [blame]118 enabled: True