From cb76fabaf1cefcfb58cc12a29afc7ba252913201 Mon Sep 17 00:00:00 2001
From: varac <varacanero@zeromail.org>
Date: Thu, 25 Feb 2016 14:55:55 +0100
Subject: Provide ssl cipher suite defaults

We don't want to depend on too many modules.
The `$ssl_cipher_suite` parameter is the only
dependency to the `cert` module and I think it's
ok to remove this dependency. It's now a hardcoded
default taken from the puppetlabs apache module
(https://github.com/puppetlabs/puppetlabs-apache/blob/master/README.md#ssl_cipher)

Ppl who use the cert class will know how to pass the parameter.

See https://gitlab.com/shared-puppet-modules-group/apache/issues/9
for the discussion.
---
 manifests/init.pp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/manifests/init.pp b/manifests/init.pp
index 1079d85..ad1478a 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -22,7 +22,7 @@ class apache(
   $default_ssl_certificate_file       = absent,
   $default_ssl_certificate_key_file   = absent,
   $default_ssl_certificate_chain_file = absent,
-  $ssl_cipher_suite                   = $certs::ssl_config::ciphers_http
+  $ssl_cipher_suite                   = 'HIGH:MEDIUM:!aNULL:!MD5'
 ) {
   case $::operatingsystem {
     centos: { include apache::centos }
-- 
cgit v1.2.3