From: Peter Palfrader <peter@palfrader.org>
Date: Tue, 14 Oct 2014 19:47:13 +0000 (+0200)
Subject: apache: disable SSLv3 support
X-Git-Url: https://git.adam-barratt.org.uk/?a=commitdiff_plain;h=d42b232629e0f6dc147bc53d940493467d3852d2;p=mirror%2Fdsa-puppet.git

apache: disable SSLv3 support
---

diff --git a/modules/apache2/files/puppet-config b/modules/apache2/files/puppet-config
new file mode 100644
index 000000000..40d6d7042
--- /dev/null
+++ b/modules/apache2/files/puppet-config
@@ -0,0 +1,3 @@
+<IfModule mod_ssl.c>
+  SSLProtocol all -SSLv2 -SSLv3
+</IfModule>
diff --git a/modules/apache2/manifests/init.pp b/modules/apache2/manifests/init.pp
index b1f20a239..3d49ce84b 100644
--- a/modules/apache2/manifests/init.pp
+++ b/modules/apache2/manifests/init.pp
@@ -79,6 +79,10 @@ class apache2 {
 		source => 'puppet:///modules/apache2/puppet-ssl-macros',
 	}
 
+	apache2::config { 'puppet-config':
+		source => 'puppet:///modules/apache2/puppet-config',
+	}
+
 	file { '/etc/apache2/sites-available/common-ssl.inc':
 		ensure => absent,
 	}