Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Use default ssl_protocols for ssl mailhosts #930

Merged
merged 1 commit into from
Oct 17, 2016

Conversation

ekohl
Copy link
Member

@ekohl ekohl commented Oct 17, 2016

Based on #909. It also adds a test for the $ssl_ciphers parameter.

I haven't had the time yet to verify this on a real system.

Based on voxpupuli#909. It also
adds a test for the $ssl_ciphers parameter.
@@ -101,6 +103,7 @@
if ($ssl_cert != undef) {
validate_string($ssl_cert)
}
validate_string($ssl_protocols)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I feel blah about having this as a string rather than an array, but I guess there's a precedent.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I agree an array is better but this is in line with the existing config and by the principle of least surprise I think this is the better choice.

@jyaworski jyaworski merged commit 965f04d into voxpupuli:master Oct 17, 2016
@ekohl ekohl deleted the mail-ssl-ciphers branch October 17, 2016 14:04
@@ -30,7 +30,7 @@ server {
ssl_certificate_key <%= @ssl_key %>;
ssl_session_timeout 5m;

ssl_protocols TLSv1;
ssl_protocols <%= @ssl_protocols %>;
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The same change applies to the puppet-nginx/templates/mailhost/mailhost.erb file. Because the SSL part of the two templates are equal I used to combine the two into one file that gets included. I'll fix the missing variable in my PR #769.

Rubueno pushed a commit to Rubueno/puppet-nginx that referenced this pull request Oct 19, 2020
Use default ssl_protocols for ssl mailhosts
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants