From 2ed5b20cd0c3be018fc9f9ad01572b98f47bc379 Mon Sep 17 00:00:00 2001
From: "don.sizemore"
Date: Tue, 8 Dec 2020 15:32:00 -0500
Subject: [PATCH] #105 don't duplicate Listen 443 statement
---
 tasks/dataverse-apache.yml | 2 +-
 templates/http.proxy.conf.j2 | 8 +++-----
 2 files changed, 4 insertions(+), 6 deletions(-)
diff --git a/tasks/dataverse-apache.yml b/tasks/dataverse-apache.yml
index 4d9e3fe4..64ea5d55 100644
--- a/tasks/dataverse-apache.yml
+++ b/tasks/dataverse-apache.yml
@@ -12,7 +12,7 @@
 - ansible_distribution_major_version == "8"
 - name: allow apache to read user content by default
- shell: 'setsebool -P httpd_read_user_content 1'
+ shell: '/usr/sbin/setsebool -P httpd_read_user_content 1'
 when:
 - ansible_os_family == "RedHat"
 - ansible_distribution_major_version == "8"
diff --git a/templates/http.proxy.conf.j2 b/templates/http.proxy.conf.j2
index 737b67ac..5bc6606b 100644
--- a/templates/http.proxy.conf.j2
+++ b/templates/http.proxy.conf.j2
@@ -1,8 +1,5 @@
 {% if apache.ssl.enabled %}
- {% if ansible_os_family == "RedHat" %}
-Listen 443 https
- {% endif %}
 {% if ansible_os_family == "RedHat" %}
 SSLPassPhraseDialog exec:/usr/libexec/httpd-ssl-pass-dialog
@@ -37,8 +34,9 @@ Listen 443 https
 LogLevel warn
 SSLEngine on
- SSLProtocol all -SSLv2
- SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5
+ SSLProtocol -all +TLSv1.3
+ SSLHonorCipherOrder on
+ SSLCipherSuite kEECDH:+kEECDH+SHA:kEDH:+kEDH+SHA:+kEDH+CAMELLIA:kECDH:+kECDH+SHA:kRSA:+kRSA+SHA:+kRSA+CAMELLIA:!aNULL:!eNULL:!SSLv2:!RC4:!DES:!EXP:!SEED:!IDEA:!3DES
 {% if apache.ssl.remote_cert %}
 SSLCertificateFile {{ apache.ssl.cert }}
 SSLCertificateKeyFile {{ apache.ssl.key }}
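Review bot: The `allow apache to read user content by default` task in tasks/dataverse-apache.yml still runs through `shell` although the command line uses no shell features, and without `changed_when` it reports "changed" on every run. Now that the path is absolute, `command: /usr/sbin/setsebool -P httpd_read_user_content 1` avoids shell parsing altogether. The `seboolean` module (`seboolean: name=httpd_read_user_content state=yes persistent=yes`) would also make the task idempotent, assuming the SELinux Python bindings are installed on the target. A one-line comment stating why httpd needs this boolean would help later reviewers, since it relaxes SELinux confinement for the web server. The task's `when:` list may continue beyond the end of the hunk.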
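Review bot: `SSLProtocol -all +TLSv1.3` in the last hunk of templates/http.proxy.conf.j2 makes the vhost TLS 1.3-only, so the `SSLCipherSuite` line added below it has no effect: without a leading `TLSv1.3` argument mod_ssl applies the list only to TLS 1.2 and older. An httpd built without TLS 1.3 support (before 2.4.36 / OpenSSL 1.1.1, as on stock EL7) rejects the `+TLSv1.3` token and fails to start, and the version conditions in the tasks file suggest the role is not EL8-only. If TLS 1.2 clients must still connect, `SSLProtocol -all +TLSv1.2 +TLSv1.3` with a forward-secret AEAD list such as `SSLCipherSuite ECDHE+AESGCM:ECDHE+CHACHA20:!aNULL` would be tighter than the committed string, which still admits `kRSA`, static `kECDH` and SHA-1 CBC suites. The commit subject does not mention this protocol change, so it deserves its own line in the description. The `{% if apache.ssl.remote_cert %}` block opened at the end of the hunk continues outside it.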