1 class apache::mod::ssl (
2 $ssl_compression = false,
3 $ssl_cryptodevice = 'builtin',
4 $ssl_options = [ 'StdEnvVars' ],
5 $ssl_cipher = 'HIGH:MEDIUM:!aNULL:!MD5',
6 $ssl_honorcipherorder = 'On',
7 $ssl_protocol = [ 'all', '-SSLv2', '-SSLv3' ],
8 $ssl_pass_phrase_dialog = 'builtin',
9 $ssl_random_seed_bytes = '512',
10 $ssl_sessioncachetimeout = '300',
11 $apache_version = $::apache::apache_version,
12 $package_name = undef,
14 $session_cache = $::osfamily ? {
15 'debian' => "\${APACHE_RUN_DIR}/ssl_scache(512000)",
16 'redhat' => '/var/cache/mod_ssl/scache(512000)',
17 'freebsd' => '/var/run/ssl_scache(512000)',
18 'gentoo' => '/var/run/ssl_scache(512000)',
23 if versioncmp($apache_version, '2.4') >= 0 {
24 $ssl_mutex = 'default'
25 } elsif $::operatingsystem == 'Ubuntu' and $::operatingsystemrelease == '10.04' {
26 $ssl_mutex = 'file:/var/run/apache2/ssl_mutex'
28 $ssl_mutex = "file:\${APACHE_RUN_DIR}/ssl_mutex"
32 $ssl_mutex = 'default'
35 $ssl_mutex = 'default'
38 $ssl_mutex = 'default'
41 fail("Unsupported osfamily ${::osfamily}")
45 ::apache::mod { 'ssl':
46 package => $package_name,
49 if versioncmp($apache_version, '2.4') >= 0 {
50 ::apache::mod { 'socache_shmcb': }
58 # $ssl_honorcipherorder
62 # $ssl_random_seed_bytes
63 # $ssl_sessioncachetimeout
68 path => "${::apache::mod_dir}/ssl.conf",
69 content => template('apache/mod/ssl.conf.erb'),
70 require => Exec["mkdir ${::apache::mod_dir}"],
71 before => File[$::apache::mod_dir],
72 notify => Class['apache::service'],