From 937c61b74bbd99f9955cbee426fb35e96050eea6 Mon Sep 17 00:00:00 2001 From: Micah Anderson Date: Mon, 27 Oct 2014 09:23:23 -0400 Subject: Change stunnel default sslversion to be TLSv1, instead of the default SSLv3 (#6261) Change-Id: I7ab5a6455e434f8359169d31febed8b92f84bbcc --- puppet/modules/site_stunnel/manifests/client.pp | 1 + 1 file changed, 1 insertion(+) (limited to 'puppet/modules/site_stunnel/manifests/client.pp') diff --git a/puppet/modules/site_stunnel/manifests/client.pp b/puppet/modules/site_stunnel/manifests/client.pp index 12d664b4..76815174 100644 --- a/puppet/modules/site_stunnel/manifests/client.pp +++ b/puppet/modules/site_stunnel/manifests/client.pp @@ -35,6 +35,7 @@ define site_stunnel::client ( pid => "/var/run/stunnel4/${pid}.pid", rndfile => $rndfile, debuglevel => $debuglevel, + sslversion => 'TLSv1', subscribe => [ Class['Site_config::X509::Key'], Class['Site_config::X509::Cert'], -- cgit v1.2.3 From 896dd69710fa24a0235fc70081a71f35adbf9af1 Mon Sep 17 00:00:00 2001 From: Micah Anderson Date: Thu, 20 Nov 2014 15:22:09 -0500 Subject: Make sure that stunnel restarts when cert/key change (#6181) Change-Id: I5085247a87018e18e73833119ac73225afbfea1e --- puppet/modules/site_stunnel/manifests/client.pp | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) (limited to 'puppet/modules/site_stunnel/manifests/client.pp') diff --git a/puppet/modules/site_stunnel/manifests/client.pp b/puppet/modules/site_stunnel/manifests/client.pp index 76815174..3b10ecb8 100644 --- a/puppet/modules/site_stunnel/manifests/client.pp +++ b/puppet/modules/site_stunnel/manifests/client.pp @@ -35,11 +35,7 @@ define site_stunnel::client ( pid => "/var/run/stunnel4/${pid}.pid", rndfile => $rndfile, debuglevel => $debuglevel, - sslversion => 'TLSv1', - subscribe => [ - Class['Site_config::X509::Key'], - Class['Site_config::X509::Cert'], - Class['Site_config::X509::Ca'] ]; + sslversion => 'TLSv1'; } site_shorewall::stunnel::client { $name: -- cgit v1.2.3