From 34863e959fcd05dd325a658561f14580d49b6764 Mon Sep 17 00:00:00 2001
From: intrigeri <intrigeri@boum.org>
Date: Sun, 6 Mar 2011 09:10:44 +0100
Subject: New opt-in support to only use strong SSL ciphers and MACs.

The new configuration variable is $sshd_hardened_ssl.
Settings were stolen from https://github.com/ioerror/duraconf.git.
---
 manifests/init.pp | 3 +++
 1 file changed, 3 insertions(+)

(limited to 'manifests')

diff --git a/manifests/init.pp b/manifests/init.pp
index 991fbba..cc5f10e 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -77,6 +77,9 @@ class sshd {
   case $sshd_authorized_keys_file {
     '': { $sshd_authorized_keys_file = "%h/.ssh/authorized_keys" }
   }
+  case $sshd_hardened_ssl {
+    '': { $sshd_hardened_ssl = 'no' }
+  }
   case $sshd_sftp_subsystem {
     '': { $sshd_sftp_subsystem = '' }
   }
-- 
cgit v1.2.3