chore: update default ssl-config

This commit is contained in:
s3lph 2024-08-11 03:05:20 +02:00
parent 9facd9f7eb
commit 76f918111a
2 changed files with 4 additions and 4 deletions

View file

@ -8,7 +8,7 @@ namespace: s3lph
name: webserver name: webserver
# The version of the collection. Must be compatible with semantic versioning # The version of the collection. Must be compatible with semantic versioning
version: 0.2.1 version: 0.2.2
# The path to the Markdown (.md) readme file. This path is relative to the root of the collection # The path to the Markdown (.md) readme file. This path is relative to the root of the collection
readme: README.md readme: README.md

View file

@ -17,10 +17,10 @@ apache2_tls_certfile: "/etc/letsencrypt/live/{{ inventory_hostname }}/fullchain.
apache2_tls_keyfile: "/etc/letsencrypt/live/{{ inventory_hostname }}/privkey.pem" apache2_tls_keyfile: "/etc/letsencrypt/live/{{ inventory_hostname }}/privkey.pem"
apache2_tls_noacme_fallback_certfile: /etc/ssl/certs/ssl-cert-snakeoil.pem apache2_tls_noacme_fallback_certfile: /etc/ssl/certs/ssl-cert-snakeoil.pem
apache2_tls_noacme_fallback_keyfile: /etc/ssl/private/ssl-cert-snakeoil.key apache2_tls_noacme_fallback_keyfile: /etc/ssl/private/ssl-cert-snakeoil.key
# generated 2021-04-22, Mozilla Guideline v5.6, Apache 2.4.41, OpenSSL 1.1.1d, intermediate configuration, no OCSP # generated 2024-08-10, Mozilla Guideline v5.7, Apache 2.4.61, OpenSSL 3.0.13, intermediate configuration, no OCSP
# https://ssl-config.mozilla.org/#server=apache&version=2.4.41&config=intermediate&openssl=1.1.1d&ocsp=false&guideline=5.6 # https://ssl-config.mozilla.org/#server=apache&version=2.4.61&config=intermediate&openssl=3.0.13&ocsp=false&guideline=5.7
apache2_tls_protocols: "all -SSLv3 -TLSv1 -TLSv1.1" apache2_tls_protocols: "all -SSLv3 -TLSv1 -TLSv1.1"
apache2_tls_ciphersuite: "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384" apache2_tls_ciphersuite: "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305"
apache2_tls_honor_cipher_order: false apache2_tls_honor_cipher_order: false
apache2_tls_session_tickets: false apache2_tls_session_tickets: false