From: Martin Zobel-Helas <zobel@debian.org>
Date: Fri, 16 Mar 2012 08:10:46 +0000 (+0100)
Subject: Merge branch 'master' of git+ssh://puppet.debian.org/srv/puppet.debian.org/git/dsa... 
X-Git-Url: https://git.adam-barratt.org.uk/?a=commitdiff_plain;h=a42f4d2b6269546e443fc9580971ba1d909f8727;hp=3a78a183290c2dc081213c5218a37a444f96a4a4;p=mirror%2Fdsa-puppet.git

Merge branch 'master' of git+ssh://puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet

* 'master' of git+ssh://puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet:
  New addressrange at conova
---

diff --git a/modules/apache2/files/common/etc/apache2/sites-available/common-ssl.inc b/modules/apache2/files/common/etc/apache2/sites-available/common-ssl.inc
new file mode 100644
index 000000000..2021ab4c2
--- /dev/null
+++ b/modules/apache2/files/common/etc/apache2/sites-available/common-ssl.inc
@@ -0,0 +1,30 @@
+##
+## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE.
+## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git
+##
+
+
+#   SSL Engine Switch:
+#   Enable/Disable SSL for this virtual host.
+SSLEngine on
+
+#   SSL Protocol support:
+#   List the protocol versions which clients are allowed to
+#   connect with. Disable SSLv2 by default (cf. RFC 6176).
+SSLProtocol all -SSLv2
+
+#
+#   Some MIME-types for downloading Certificates and CRLs
+#   
+AddType application/x-x509-ca-cert .crt
+AddType application/x-pkcs7-crl    .crl
+
+#   SSL Cipher Suite:
+#   List the ciphers that the client is permitted to negotiate.
+#   See the mod_ssl documentation for a complete list.
+SSLCipherSuite ECDHE-RSA-AES256-SHA384:AES256-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH:!AESGCM
+SSLHonorCipherOrder on
+
+#   Add STS
+Header add Strict-Transport-Security "max-age=604800"
+