From f90e2265452984f2c371d966367cf240add827d5 Mon Sep 17 00:00:00 2001
From: Kevin Fenzi <kevin@scrye.com>
Date: Mon, 1 Oct 2018 23:03:50 +0000
Subject: [PATCH] also sync ssl stuff for these other places

---
 roles/totpcgi/files/totpcgi-httpd.conf     | 3 +++
 roles/totpcgi/files/totpcgi-httpd.conf.vpn | 3 +++
 2 files changed, 6 insertions(+)

diff --git a/roles/totpcgi/files/totpcgi-httpd.conf b/roles/totpcgi/files/totpcgi-httpd.conf
index bfcaca319c..caa1c6767f 100644
--- a/roles/totpcgi/files/totpcgi-httpd.conf
+++ b/roles/totpcgi/files/totpcgi-httpd.conf
@@ -21,6 +21,9 @@ Listen 8443
 	SSLCertificateFile /etc/pki/totpcgi/totpcgi-server.crt
 	SSLCertificateKeyFile /etc/pki/totpcgi/totpcgi-server.key
 	SSLCACertificateFile /etc/pki/totpcgi/totpcgi-ca.crt
+        SSLHonorCipherOrder On
+        SSLCipherSuite {{ ssl_ciphers }}
+        SSLProtocol {{ ssl_protocols }}
 
 	SSLVerifyClient require
 	SSLVerifyDepth 10
diff --git a/roles/totpcgi/files/totpcgi-httpd.conf.vpn b/roles/totpcgi/files/totpcgi-httpd.conf.vpn
index 55ff5b088e..eb88528e3f 100644
--- a/roles/totpcgi/files/totpcgi-httpd.conf.vpn
+++ b/roles/totpcgi/files/totpcgi-httpd.conf.vpn
@@ -20,6 +20,9 @@
 	SSLCertificateFile /etc/pki/totpcgi/totpcgi-server-vpn.crt
 	SSLCertificateKeyFile /etc/pki/totpcgi/totpcgi-server-vpn.key
 	SSLCACertificateFile /etc/pki/totpcgi/totpcgi-ca.crt
+        SSLHonorCipherOrder On
+        SSLCipherSuite {{ ssl_ciphers }}
+        SSLProtocol {{ ssl_protocols }}
 
 	SSLVerifyClient require
 	SSLVerifyDepth 10