Gitiles
Code Review Sign In
gerrit.mcp.mirantis.com / salt-models / reclass-system / 816ff073af422b4e28e64c3158ff9a42ceaea141 / . / nginx / server / proxy / ssl.yml
blob: dd4f2cdcdef8a76f144b2783f9f4bd2184ae148c [file] [log] [blame]
Mykyta Karpin6dc8dab2018-07-31 16:54:12 +0300[diff] [blame]1parameters:
2 _param:
3 nginx_proxy_ssl_enabled: false
4 nginx_proxy_ssl:
5 mode: 'strict'
6 enabled: ${_param:nginx_proxy_ssl_enabled}
7 engine: salt
8 dhparam:
9 enabled: True
10 numbits: 2048
11 ecdh_curve:
12 secp521r1:
13 name: 'secp521r1'
14 enabled: True
15 prefer_server_ciphers: "on"
16 protocols:
17 TLSv1:
18 name: 'TLSv1'
Oleksandr Shyshkoa5f8d082019-05-23 17:44:28 +0300[diff] [blame]19 enabled: False
Mykyta Karpin6dc8dab2018-07-31 16:54:12 +0300[diff] [blame]20 TLSv1.1:
21 name: 'TLSv1.1'
Oleksandr Shyshkoa5f8d082019-05-23 17:44:28 +0300[diff] [blame]22 enabled: False
Mykyta Karpin6dc8dab2018-07-31 16:54:12 +0300[diff] [blame]23 TLSv1.2:
24 name: 'TLSv1.2'
25 enabled: True
26 stapling: "on"
27 stapling_verify: "on"
28 ciphers:
29 ECDHE-ECDSA-CHACHA20-POLY1305:
30 name: 'ECDHE-ECDSA-CHACHA20-POLY1305'
Oleksandr Shyshkoa5f8d082019-05-23 17:44:28 +0300[diff] [blame]31 enabled: False
Mykyta Karpin6dc8dab2018-07-31 16:54:12 +0300[diff] [blame]32 ECDHE-RSA-CHACHA20-POLY1305:
33 name: 'ECDHE-RSA-CHACHA20-POLY1305'
Oleksandr Shyshkoa5f8d082019-05-23 17:44:28 +0300[diff] [blame]34 enabled: False
Mykyta Karpin6dc8dab2018-07-31 16:54:12 +0300[diff] [blame]35 ECDHE-ECDSA-AES128-GCM-SHA256:
36 name: 'ECDHE-ECDSA-AES128-GCM-SHA256'
Oleksandr Shyshkoa5f8d082019-05-23 17:44:28 +0300[diff] [blame]37 enabled: False
Mykyta Karpin6dc8dab2018-07-31 16:54:12 +0300[diff] [blame]38 ECDHE-RSA-AES128-GCM-SHA256:
39 name: 'ECDHE-RSA-AES128-GCM-SHA256'
Oleksandr Shyshkoa5f8d082019-05-23 17:44:28 +0300[diff] [blame]40 enabled: False
Mykyta Karpin6dc8dab2018-07-31 16:54:12 +0300[diff] [blame]41 ECDHE-ECDSA-AES256-GCM-SHA384:
42 name: 'ECDHE-ECDSA-AES256-GCM-SHA384'
43 enabled: True
44 ECDHE-RSA-AES256-GCM-SHA384:
45 name: 'ECDHE-RSA-AES256-GCM-SHA384'
46 enabled: True
47 DHE-RSA-AES128-GCM-SHA256:
48 name: 'DHE-RSA-AES128-GCM-SHA256'
Oleksandr Shyshkoa5f8d082019-05-23 17:44:28 +0300[diff] [blame]49 enabled: False
Mykyta Karpin6dc8dab2018-07-31 16:54:12 +0300[diff] [blame]50 DHE-RSA-AES256-GCM-SHA384:
51 name: 'DHE-RSA-AES256-GCM-SHA384'
Oleksandr Shyshkoa5f8d082019-05-23 17:44:28 +0300[diff] [blame]52 enabled: False
Mykyta Karpin6dc8dab2018-07-31 16:54:12 +0300[diff] [blame]53 ECDHE-ECDSA-AES128-SHA256:
54 name: 'ECDHE-ECDSA-AES128-SHA256'
Oleksandr Shyshkoa5f8d082019-05-23 17:44:28 +0300[diff] [blame]55 enabled: False
Mykyta Karpin6dc8dab2018-07-31 16:54:12 +0300[diff] [blame]56 ECDHE-RSA-AES128-SHA256:
57 name: 'ECDHE-RSA-AES128-SHA256'
Oleksandr Shyshkoa5f8d082019-05-23 17:44:28 +0300[diff] [blame]58 enabled: False
Mykyta Karpin6dc8dab2018-07-31 16:54:12 +0300[diff] [blame]59 ECDHE-ECDSA-AES128-SHA:
60 name: 'ECDHE-ECDSA-AES128-SHA'
Oleksandr Shyshkoa5f8d082019-05-23 17:44:28 +0300[diff] [blame]61 enabled: False
Mykyta Karpin6dc8dab2018-07-31 16:54:12 +0300[diff] [blame]62 ECDHE-RSA-AES256-SHA384:
63 name: 'ECDHE-RSA-AES256-SHA384'
64 enabled: True
65 ECDHE-RSA-AES128-SHA:
66 name: 'ECDHE-RSA-AES128-SHA'
Oleksandr Shyshkoa5f8d082019-05-23 17:44:28 +0300[diff] [blame]67 enabled: False
Mykyta Karpin6dc8dab2018-07-31 16:54:12 +0300[diff] [blame]68 ECDHE-ECDSA-AES256-SHA384:
69 name: 'ECDHE-ECDSA-AES256-SHA384'
70 enabled: True
71 ECDHE-ECDSA-AES256-SHA:
72 name: 'ECDHE-ECDSA-AES256-SHA'
Oleksandr Shyshkoa5f8d082019-05-23 17:44:28 +0300[diff] [blame]73 enabled: False
Mykyta Karpin6dc8dab2018-07-31 16:54:12 +0300[diff] [blame]74 ECDHE-RSA-AES256-SHA:
75 name: 'ECDHE-RSA-AES256-SHA'
Oleksandr Shyshkoa5f8d082019-05-23 17:44:28 +0300[diff] [blame]76 enabled: False
Mykyta Karpin6dc8dab2018-07-31 16:54:12 +0300[diff] [blame]77 DHE-RSA-AES128-SHA256:
78 name: 'DHE-RSA-AES128-SHA256'
Oleksandr Shyshkoa5f8d082019-05-23 17:44:28 +0300[diff] [blame]79 enabled: False
Mykyta Karpin6dc8dab2018-07-31 16:54:12 +0300[diff] [blame]80 DHE-RSA-AES128-SHA:
81 name: 'DHE-RSA-AES128-SHA'
Oleksandr Shyshkoa5f8d082019-05-23 17:44:28 +0300[diff] [blame]82 enabled: False
Mykyta Karpin6dc8dab2018-07-31 16:54:12 +0300[diff] [blame]83 DHE-RSA-AES256-SHA256:
84 name: 'DHE-RSA-AES256-SHA256'
Oleksandr Shyshkoa5f8d082019-05-23 17:44:28 +0300[diff] [blame]85 enabled: False
Mykyta Karpin6dc8dab2018-07-31 16:54:12 +0300[diff] [blame]86 DHE-RSA-AES256-SHA:
87 name: 'DHE-RSA-AES256-SHA'
Oleksandr Shyshkoa5f8d082019-05-23 17:44:28 +0300[diff] [blame]88 enabled: False
Mykyta Karpin6dc8dab2018-07-31 16:54:12 +0300[diff] [blame]89 ECDHE-ECDSA-DES-CBC3-SHA:
90 name: 'ECDHE-ECDSA-DES-CBC3-SHA'
Oleksandr Shyshkoa5f8d082019-05-23 17:44:28 +0300[diff] [blame]91 enabled: False
Mykyta Karpin6dc8dab2018-07-31 16:54:12 +0300[diff] [blame]92 ECDHE-RSA-DES-CBC3-SHA:
93 name: 'ECDHE-RSA-DES-CBC3-SHA'
Oleksandr Shyshkoa5f8d082019-05-23 17:44:28 +0300[diff] [blame]94 enabled: False
Mykyta Karpin6dc8dab2018-07-31 16:54:12 +0300[diff] [blame]95 EDH-RSA-DES-CBC3-SHA:
96 name: 'EDH-RSA-DES-CBC3-SHA'
Oleksandr Shyshkoa5f8d082019-05-23 17:44:28 +0300[diff] [blame]97 enabled: False
Mykyta Karpin6dc8dab2018-07-31 16:54:12 +0300[diff] [blame]98 AES128-GCM-SHA256:
99 name: 'AES128-GCM-SHA256'
Oleksandr Shyshkoa5f8d082019-05-23 17:44:28 +0300[diff] [blame]100 enabled: False
Mykyta Karpin6dc8dab2018-07-31 16:54:12 +0300[diff] [blame]101 AES256-GCM-SHA384:
102 name: 'AES256-GCM-SHA384'
Oleksandr Shyshkoa5f8d082019-05-23 17:44:28 +0300[diff] [blame]103 enabled: False
Mykyta Karpin6dc8dab2018-07-31 16:54:12 +0300[diff] [blame]104 AES128-SHA256:
105 name: 'AES128-SHA256'
Oleksandr Shyshkoa5f8d082019-05-23 17:44:28 +0300[diff] [blame]106 enabled: False
Mykyta Karpin6dc8dab2018-07-31 16:54:12 +0300[diff] [blame]107 AES256-SHA256:
108 name: 'AES256-SHA256'
Oleksandr Shyshkoa5f8d082019-05-23 17:44:28 +0300[diff] [blame]109 enabled: False
Mykyta Karpin6dc8dab2018-07-31 16:54:12 +0300[diff] [blame]110 AES256-SHA:
111 name: 'AES256-SHA'
Oleksandr Shyshkoa5f8d082019-05-23 17:44:28 +0300[diff] [blame]112 enabled: False
Mykyta Karpin6dc8dab2018-07-31 16:54:12 +0300[diff] [blame]113 AES128-SHA:
114 name: 'AES128-SHA'
Oleksandr Shyshkoa5f8d082019-05-23 17:44:28 +0300[diff] [blame]115 enabled: False
Mykyta Karpin6dc8dab2018-07-31 16:54:12 +0300[diff] [blame]116 DES-CBC3-SHA:
117 name: 'DES-CBC3-SHA'
Oleksandr Shyshkoa5f8d082019-05-23 17:44:28 +0300[diff] [blame]118 enabled: False
Mykyta Karpin6dc8dab2018-07-31 16:54:12 +0300[diff] [blame]119 removeDSS:
120 name: '!DSS'
Oleksandr Shyshkoa5f8d082019-05-23 17:44:28 +0300[diff] [blame]121 enabled: True