From dbff1bc378206744a95a8829fdf19b18f309cdd9 Mon Sep 17 00:00:00 2001
From: Oskar Pearson
Date: Tue, 17 Mar 2015 15:39:15 +0000
Subject: [PATCH 1/2] [ssl_protocols_options] Config of ssl_options

Let users change ssl_protocols_options
---
 defaults/main.yml | 1 +
 templates/nginx_sites-available.conf.j2 | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/defaults/main.yml b/defaults/main.yml
index a90456f..e162a05 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -49,5 +49,6 @@ nginx_ssl_manage_certs: true
 nginx_ssl_local_path: /home/yourname/dev/testproject/secrets
 nginx_ssl_cert_name: sslcert.crt
 nginx_ssl_key_name: sslkey.key
+nginx_ssl_protocols: "TLSv1 TLSv1.1 TLSv1.2"
 apt_cache_valid_time: 86400
diff --git a/templates/nginx_sites-available.conf.j2 b/templates/nginx_sites-available.conf.j2
index 4956c58..722971b 100644
--- a/templates/nginx_sites-available.conf.j2
+++ b/templates/nginx_sites-available.conf.j2
@@ -42,7 +42,7 @@ server {
 ssl_session_cache {{ nginx_ssl_session_cache }};
 ssl_session_timeout {{ nginx_ssl_session_timeout }};
 ssl_prefer_server_ciphers on;
-ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+ssl_protocols {{ nginx_ssl_protocols }};
 ssl_ciphers {{ nginx_ssl_ciphers }};
 ssl_ecdh_curve {{ nginx_ssl_ecdh_curve }};
 add_header Strict-Transport-Security $sts;

From 23754eb2ea91eaa8215b5b1386841c0d245fe425 Mon Sep 17 00:00:00 2001
From: Oskar Pearson
Date: Tue, 17 Mar 2015 16:44:43 +0000
Subject: [PATCH 2/2] [ssl_protocols_options] Add README.md note about nginx_ssl_protocols option

---
 README.md | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/README.md b/README.md
index 6190259..e48b0ea 100644
--- a/README.md
+++ b/README.md
@@ -131,6 +131,9 @@ nginx_ssl_local_path: /home/yourname/dev/testproject/secrets
 nginx_ssl_cert_name: sslcert.crt
 nginx_ssl_key_name: sslkey.key
+# Whicb SSL protocols should we support?
+nginx_ssl_protocols: "TLSv1 TLSv1.1 TLSv1.2"
+
 # The amount in seconds to cache apt-update.
 apt_cache_valid_time: 86400
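Review bot: The new `nginx_ssl_protocols` default in defaults/main.yml keeps TLSv1 and TLSv1.1 enabled with no comment, so an operator reading the defaults gets no hint that the value is passed straight into nginx's `ssl_protocols` directive or that the older versions can be dropped when no legacy clients need them. The default matches the value that was hard-coded in the template before, so behaviour is unchanged for existing users of the role. I'd add `# Space-separated list passed verbatim to nginx's ssl_protocols directive; drop TLSv1/TLSv1.1 once legacy clients no longer need them.` above the new line. The README hunk in the second patch adds the same key with a comment that misspells "Which" as "Whicb"; the two comments should say the same thing.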
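Review bot: `ssl_protocols {{ nginx_ssl_protocols }};` renders the variable unquoted and unvalidated, so an empty or whitespace-only value produces `ssl_protocols ;`, which nginx rejects, and the mistake only surfaces when the config is tested or reloaded rather than when the play runs. The neighbouring `ssl_ciphers` and `ssl_ecdh_curve` lines follow the same pattern, so this is consistent with the file, but a small guard would make a misconfiguration fail early: `ssl_protocols {{ nginx_ssl_protocols | mandatory }};` rejects an undefined value, and an `assert` task in the role with `that: "nginx_ssl_protocols | trim | length > 0"` would reject an empty one. The enclosing `server {` block starts and ends outside the hunk.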