Merge pull request #4 from unboxed/ssl_protocols_options

[ssl_protocols_options] Config of ssl_options
nickjj · Mar 17, 2015 · dce91b4 · dce91b4
2 parents ce54b5a + 23754eb
commit dce91b4
Show file tree

Hide file tree

Showing 3 changed files with 5 additions and 1 deletion.
diff --git a/README.md b/README.md
@@ -131,6 +131,9 @@ nginx_ssl_local_path: /home/yourname/dev/testproject/secrets
 nginx_ssl_cert_name: sslcert.crt
 nginx_ssl_key_name: sslkey.key
 
+# Whicb SSL protocols should we support?
+nginx_ssl_protocols: "TLSv1 TLSv1.1 TLSv1.2"
+
 # The amount in seconds to cache apt-update.
 apt_cache_valid_time: 86400
 

diff --git a/defaults/main.yml b/defaults/main.yml
@@ -49,5 +49,6 @@ nginx_ssl_manage_certs: true
 nginx_ssl_local_path: /home/yourname/dev/testproject/secrets
 nginx_ssl_cert_name: sslcert.crt
 nginx_ssl_key_name: sslkey.key
+nginx_ssl_protocols: "TLSv1 TLSv1.1 TLSv1.2"
 
 apt_cache_valid_time: 86400
diff --git a/templates/nginx_sites-available.conf.j2 b/templates/nginx_sites-available.conf.j2
@@ -42,7 +42,7 @@ server {
   ssl_session_cache {{ nginx_ssl_session_cache }};
   ssl_session_timeout {{ nginx_ssl_session_timeout }};
   ssl_prefer_server_ciphers on;
-  ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+  ssl_protocols {{ nginx_ssl_protocols }};
   ssl_ciphers {{ nginx_ssl_ciphers }};
   ssl_ecdh_curve {{ nginx_ssl_ecdh_curve }};
   add_header Strict-Transport-Security $sts;