Unify all ssl cipher suite configurations

Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>

roles/keyserver/tasks/main.yml

@@ -43,12 +43,12 @@
   - config
 
 - name: /etc/httpd/conf.d/sks.conf
-  copy: src="sks.conf" dest=/etc/httpd/conf.d/sks.conf owner=root group=root mode=0644
+  template: src="sks.conf" dest=/etc/httpd/conf.d/sks.conf owner=root group=root mode=0644
   tags:
   - config
 
 - name: /etc/httpd/conf.d/ssl.conf
-  copy: src="ssl.conf" dest=/etc/httpd/conf.d/ssl.conf owner=root group=root mode=0644
+  template: src="ssl.conf" dest=/etc/httpd/conf.d/ssl.conf owner=root group=root mode=0644
   tags:
   - config
 

roles/keyserver/templates/sks.conf

@@ -56,8 +56,8 @@ NameVirtualHost *:443
         SSLCertificateFile /etc/pki/tls/wildcard-2014.fedoraproject.org.cert
 	SSLCertificateChainFile /etc/pki/tls/wildcard-2014.fedoraproject.org.intermediate.cert
         SSLCertificateKeyFile /etc/pki/tls/wildcard-2014.fedoraproject.org.key
-        SSLProtocol -All +TLSv1 +TLSv1.1 +TLSv1.2
-	SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK
+        SSLProtocol {{ ssl_protocols }}
+	SSLCipherSuite {{ ssl_ciphers }}
 
 	ProxyPass / http://localhost:11371/
 	ProxyPassReverse / http://localhost:11371/
@@ -73,8 +73,8 @@ NameVirtualHost *:443
         SSLEngine on
         SSLCertificateFile /etc/pki/tls/keys_fedoraproject_org.crt.pem
         SSLCertificateKeyFile /etc/pki/tls/keys_fedoraproject_org.key
-	SSLProtocol -All +TLSv1 +TLSv1.1 +TLSv1.2
-	SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK
+	SSLProtocol {{ ssl_protocols }}
+	SSLCipherSuite {{ ssl_ciphers }}
 
         ProxyPass / http://localhost:11371/
         ProxyPassReverse / http://localhost:11371/

roles/keyserver/templates/ssl.conf

@@ -92,12 +92,12 @@ SSLEngine on
 #   SSL Protocol support:
 # List the enable protocol levels with which clients will be able to
 # connect.  Disable SSLv2 access by default:
-SSLProtocol -All +TLSv1 +TLSv1.1 +TLSv1.2
+SSLProtocol {{ ssl_protocols }}
 
 #   SSL Cipher Suite:
 # List the ciphers that the client is permitted to negotiate.
 # See the mod_ssl documentation for a complete list.
-SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK
+SSLCipherSuite {{ ssl_ciphers }}
 
 #   Server Certificate:
 # Point SSLCertificateFile at a PEM encoded certificate.  If