From 0907050d515daa74b258549d0934deca7d45c466 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jan-Otto=20Kr=C3=B6pke?=
Date: Fri, 24 Jun 2016 00:27:15 +0200
Subject: [PATCH] Make it possible to define $ssl_protocols and $ssl_ciphers globally
---
 manifests/config.pp | 2 ++
 manifests/resource/vhost.pp | 4 ++--
 2 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/manifests/config.pp b/manifests/config.pp
index 4f8d7f0bf..3e6252d92 100644
--- a/manifests/config.pp
+++ b/manifests/config.pp
@@ -104,6 +104,8 @@
 $worker_connections = '1024',
 $worker_processes = '1',
 $worker_rlimit_nofile = '1024',
+ $ssl_protocols = 'TLSv1 TLSv1.1 TLSv1.2',
+ $ssl_ciphers = 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA',
 ### END Nginx Configuration ###
 ) inherits ::nginx::params {
diff --git a/manifests/resource/vhost.pp b/manifests/resource/vhost.pp
index 333140631..b2c07ebad 100644
--- a/manifests/resource/vhost.pp
+++ b/manifests/resource/vhost.pp
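Review bot: The new class-wide defaults in manifests/config.pp carry the legacy TLS policy forward unchanged: `$ssl_protocols` still enables `TLSv1` and `TLSv1.1`, and `$ssl_ciphers` still admits `DES-CBC3-SHA` and the static-RSA `AES128-SHA`/`AES256-SHA` suites. Since every vhost now inherits from this one place, the two parameters deserve a comment stating that this is a broad-compatibility set meant to be overridden, e.g. `# Compatibility defaults inherited by every vhost; override to drop TLSv1/TLSv1.1 and 3DES.`. The diffstat lists only config.pp and vhost.pp, so the `nginx` class presumably does not pass these values through, and the override path (likely Hiera data for `nginx::config::ssl_protocols`) should be named in that comment as well. The parameter list begins above the hunk and the class body lies outside it, so any validation of the two strings cannot be checked from here.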
@@ -200,9 +200,9 @@
 $ssl_dhparam = undef,
 $ssl_key = undef,
 $ssl_port = 443,
- $ssl_protocols = 'TLSv1 TLSv1.1 TLSv1.2',
+ $ssl_protocols = $::nginx::config::ssl_protocols,
 $ssl_buffer_size = undef,
- $ssl_ciphers = 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA',
+ $ssl_ciphers = $::nginx::config::ssl_ciphers,
 $ssl_cache = 'shared:SSL:10m',
 $ssl_crl = undef,
 $ssl_stapling = false,
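Review bot: The two new defaults read `$::nginx::config::ssl_protocols` and `$::nginx::config::ssl_ciphers`, which hold a value only if class `nginx::config` has been evaluated before this vhost resource. Otherwise they resolve to undef (or a compile error under `strict_variables`), and the rendered server block would depend on how the template treats an empty value, which would silently change the vhost's TLS policy. The define should fail early instead, for example `if ! defined(Class['nginx::config']) { fail('nginx::config must be evaluated before nginx::resource::vhost') }`. The define's body and its templates are outside the hunk, so whether such a guard or a non-empty check already exists cannot be confirmed from here.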