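# "strict" TLS profile for the nginx proxy, written as a reclass-style parameter class
# (uses ${_param:...} interpolation; certificates are handled by `engine: salt`).
#
# NOTE(review): this listing was recovered from a blame view that dropped the YAML
# indentation. The nesting below is inferred from key order and must be confirmed
# against the repository copy before use.
#
# Blame summary from the page: the file content is attributed to 6dc8dab (2018-07-31).
# Every `enabled: False` under protocols/ciphers, and the `enabled: True` of removeDSS,
# is attributed to 459193c (2019-05-23).
parameters:
  _param:
    # TLS is OFF unless a higher-level class overrides this to true; with the default,
    # none of the hardening below takes effect.
    nginx_proxy_ssl_enabled: false
    nginx_proxy_ssl:
      mode: 'strict'
      enabled: ${_param:nginx_proxy_ssl_enabled}
      engine: salt
      # All DHE-* suites below are disabled, so these parameters are not exercised by
      # the currently enabled cipher set. They matter again if a DHE suite is re-enabled.
      dhparam:
        enabled: True
        numbits: 2048
      # Server picks the suite, so the order the formula emits the ciphers in decides
      # what is negotiated. NOTE(review): emission order is not visible here.
      prefer_server_ciphers: "on"
      # Only TLSv1.2 is enabled. TLSv1.3 has no entry; if the deployed nginx/OpenSSL
      # supports it, list it explicitly rather than relying on how the formula renders
      # this map (not shown on this page).
      protocols:
        TLSv1:
          name: 'TLSv1'
          enabled: False
        TLSv1.1:
          name: 'TLSv1.1'
          enabled: False
        TLSv1.2:
          name: 'TLSv1.2'
          enabled: True
      # OCSP stapling with response verification. In nginx, verification needs the issuer
      # chain configured as trusted (ssl_trusted_certificate) and a resolver for the OCSP
      # responder. NOTE(review): confirm the formula sets both, otherwise stapling fails
      # quietly.
      stapling: "on"
      stapling_verify: "on"
      # Enabled set: four ECDHE + AES-256 suites (two GCM/AEAD, two CBC with SHA384).
      # All suites without forward secrecy (plain-RSA key exchange), all 3DES suites and
      # all AES-128 suites are disabled. The ECDSA variants are only negotiable when an
      # ECDSA certificate is deployed.
      ciphers:
        # ChaCha20-Poly1305 is disabled, so clients without AES hardware acceleration
        # still negotiate AES.
        ECDHE-ECDSA-CHACHA20-POLY1305:
          name: 'ECDHE-ECDSA-CHACHA20-POLY1305'
          enabled: False
        ECDHE-RSA-CHACHA20-POLY1305:
          name: 'ECDHE-RSA-CHACHA20-POLY1305'
          enabled: False
        ECDHE-ECDSA-AES128-GCM-SHA256:
          name: 'ECDHE-ECDSA-AES128-GCM-SHA256'
          enabled: False
        ECDHE-RSA-AES128-GCM-SHA256:
          name: 'ECDHE-RSA-AES128-GCM-SHA256'
          enabled: False
        # AEAD suites with forward secrecy: the preferred members of the enabled set.
        ECDHE-ECDSA-AES256-GCM-SHA384:
          name: 'ECDHE-ECDSA-AES256-GCM-SHA384'
          enabled: True
        ECDHE-RSA-AES256-GCM-SHA384:
          name: 'ECDHE-RSA-AES256-GCM-SHA384'
          enabled: True
        DHE-RSA-AES128-GCM-SHA256:
          name: 'DHE-RSA-AES128-GCM-SHA256'
          enabled: False
        DHE-RSA-AES256-GCM-SHA384:
          name: 'DHE-RSA-AES256-GCM-SHA384'
          enabled: False
        ECDHE-ECDSA-AES128-SHA256:
          name: 'ECDHE-ECDSA-AES128-SHA256'
          enabled: False
        ECDHE-RSA-AES128-SHA256:
          name: 'ECDHE-RSA-AES128-SHA256'
          enabled: False
        ECDHE-ECDSA-AES128-SHA:
          name: 'ECDHE-ECDSA-AES128-SHA'
          enabled: False
        # CBC-mode suite (HMAC-SHA384), kept enabled. An AEAD-only policy would turn
        # this and ECDHE-ECDSA-AES256-SHA384 off; check client compatibility first.
        ECDHE-RSA-AES256-SHA384:
          name: 'ECDHE-RSA-AES256-SHA384'
          enabled: True
        ECDHE-RSA-AES128-SHA:
          name: 'ECDHE-RSA-AES128-SHA'
          enabled: False
        # CBC-mode suite (HMAC-SHA384), kept enabled; see ECDHE-RSA-AES256-SHA384.
        ECDHE-ECDSA-AES256-SHA384:
          name: 'ECDHE-ECDSA-AES256-SHA384'
          enabled: True
        ECDHE-ECDSA-AES256-SHA:
          name: 'ECDHE-ECDSA-AES256-SHA'
          enabled: False
        ECDHE-RSA-AES256-SHA:
          name: 'ECDHE-RSA-AES256-SHA'
          enabled: False
        DHE-RSA-AES128-SHA256:
          name: 'DHE-RSA-AES128-SHA256'
          enabled: False
        DHE-RSA-AES128-SHA:
          name: 'DHE-RSA-AES128-SHA'
          enabled: False
        DHE-RSA-AES256-SHA256:
          name: 'DHE-RSA-AES256-SHA256'
          enabled: False
        DHE-RSA-AES256-SHA:
          name: 'DHE-RSA-AES256-SHA'
          enabled: False
        # 3DES suites: all disabled.
        ECDHE-ECDSA-DES-CBC3-SHA:
          name: 'ECDHE-ECDSA-DES-CBC3-SHA'
          enabled: False
        ECDHE-RSA-DES-CBC3-SHA:
          name: 'ECDHE-RSA-DES-CBC3-SHA'
          enabled: False
        EDH-RSA-DES-CBC3-SHA:
          name: 'EDH-RSA-DES-CBC3-SHA'
          enabled: False
        # Static-RSA key exchange (no forward secrecy): all disabled.
        AES128-GCM-SHA256:
          name: 'AES128-GCM-SHA256'
          enabled: False
        AES256-GCM-SHA384:
          name: 'AES256-GCM-SHA384'
          enabled: False
        AES128-SHA256:
          name: 'AES128-SHA256'
          enabled: False
        AES256-SHA256:
          name: 'AES256-SHA256'
          enabled: False
        AES256-SHA:
          name: 'AES256-SHA'
          enabled: False
        AES128-SHA:
          name: 'AES128-SHA'
          enabled: False
        DES-CBC3-SHA:
          name: 'DES-CBC3-SHA'
          enabled: False
        # Not a suite but an OpenSSL cipher-string exclusion: '!DSS' removes every
        # DSS-authenticated suite from the resulting list.
        removeDSS:
          name: '!DSS'
          enabled: True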