Merge "Disable SSLv3 in HAProxy"

This commit is contained in:
Jenkins 2017-03-17 08:32:25 +00:00 committed by Gerrit Code Review
commit 11d1c0160b
1 changed files with 13 additions and 11 deletions

View File

@ -42,17 +42,19 @@ package { 'haproxy':
# and this override looks the only possible if
# upstream manifests must be kept intact
$global_options = {
'log' => '/dev/log local0',
'pidfile' => '/var/run/haproxy.pid',
'maxconn' => $haproxy_maxconn,
'user' => 'haproxy',
'group' => 'haproxy',
'daemon' => '',
'stats' => 'socket /var/lib/haproxy/stats',
'spread-checks' => $spread_checks,
'tune.bufsize' => $haproxy_bufsize,
'tune.maxrewrite' => $haproxy_maxrewrite,
'tune.ssl.default-dh-param' => $haproxy_ssl_default_dh_param,
'log' => '/dev/log local0',
'pidfile' => '/var/run/haproxy.pid',
'maxconn' => $haproxy_maxconn,
'user' => 'haproxy',
'group' => 'haproxy',
'daemon' => '',
'stats' => 'socket /var/lib/haproxy/stats',
'spread-checks' => $spread_checks,
'tune.bufsize' => $haproxy_bufsize,
'tune.maxrewrite' => $haproxy_maxrewrite,
'tune.ssl.default-dh-param' => $haproxy_ssl_default_dh_param,
'ssl-default-bind-options' => 'no-sslv3 no-tls-tickets',
'ssl-default-server-options' => 'no-sslv3 no-tls-tickets',
}
$defaults_options = {