From e226ccf25a3493a54221f5fcb53594c4712b508c Mon Sep 17 00:00:00 2001
From: jurgenhaas <juergen@paragon-es.de>
Date: Wed, 9 Aug 2017 14:41:06 +0200
Subject: [PATCH] Centralize SSL settings in apache role

---
 tasks/main.yml                    |  8 --------
 templates/options-ssl-apache.conf | 15 ---------------
 2 files changed, 23 deletions(-)
 delete mode 100644 templates/options-ssl-apache.conf

diff --git a/tasks/main.yml b/tasks/main.yml
index eaa7853..672c0e3 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -12,14 +12,6 @@
       path: '/etc/letsencrypt'
       state: 'directory'
 
-  - name: "Write SSL Apache Options"
-    template:
-      src: 'options-ssl-apache.conf'
-      dest: '/etc/letsencrypt/options-ssl-apache.conf'
-      owner: 'root'
-      group: 'root'
-      mode: '644'
-
   - name: "Check Existing Certs"
     stat:
       path: '/etc/letsencrypt/live'
diff --git a/templates/options-ssl-apache.conf b/templates/options-ssl-apache.conf
deleted file mode 100644
index 187effd..0000000
--- a/templates/options-ssl-apache.conf
+++ /dev/null
@@ -1,15 +0,0 @@
-# Baseline setting to Include for SSL sites
-
-SSLEngine on
-
-# Intermediate configuration, tweak to your needs
-SSLProtocol             all -SSLv2 -SSLv3
-SSLCipherSuite          ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
-SSLHonorCipherOrder     on
-SSLCompression          off
-
-SSLOptions +StrictRequire
-
-# Add vhost name to log entries:
-LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\"" vhost_combined
-LogFormat "%v %h %l %u %t \"%r\" %>s %b" vhost_common
-- 
GitLab