From 6e11d8c74792bf91e554401509107e876f49a5b5 Mon Sep 17 00:00:00 2001
From: Jimmy McCrory <jimmy.mccrory@gmail.com>
Date: Thu, 9 Feb 2017 17:53:00 -0800
Subject: [PATCH] Provide default barbican_ssl variables

Provide default 'barbican_ssl_protocol' and 'barbican_ssl_cipher_suite'
variables for when this role is run outside of an integrated
OpenStack-Ansible deployment.

Change-Id: Ic56b71b27713250e80407fe9dabec3c1a0909f15
---
 defaults/main.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/defaults/main.yml b/defaults/main.yml
index ac0ec45..9b989b5 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -114,8 +114,8 @@ barbican_ssl: false
 barbican_ssl_cert: /etc/ssl/certs/barbican.pem
 barbican_ssl_key: /etc/ssl/private/barbican.key
 barbican_ssl_ca_cert: /etc/ssl/certs/barbican-ca.pem
-barbican_ssl_protocol: "{{ ssl_protocol }}"
-barbican_ssl_cipher_suite: "{{ ssl_cipher_suite }}"
+barbican_ssl_protocol: "{{ ssl_protocol | default('ALL -SSLv2 -SSLv3') }}"
+barbican_ssl_cipher_suite: "{{ ssl_cipher_suite | default('ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS') }}"
 
 # if using a self-signed certificate, set this to true to regenerate it
 barbican_ssl_self_signed_regen: false