Added support for ssl-default-bind-ciphersuites, ssl-default-server-o…

…ptions, ssl-default-server-ciphers and ssl-default-server-ciphersuites
uoi-io · May 25, 2022 · b81cc71 · b81cc71
1 parent 0cd0d8c
commit b81cc71
Show file tree

Hide file tree

Showing 2 changed files with 22 additions and 6 deletions.
diff --git a/defaults/main.yml b/defaults/main.yml
@@ -37,8 +37,12 @@ haproxy_global_user: haproxy
 haproxy_global_pidfile: /var/run/haproxy.pid
 # haproxy_global_ca_base:
 # haproxy_global_crt_base:
-# haproxy_global_ssl_options:
-# haproxy_global_ssl_ciphers:
+# haproxy_global_ssl_bind_options:
+# haproxy_global_ssl_bind_ciphers:
+# haproxy_global_ssl_bind_ciphersuites:
+# haproxy_global_ssl_server_options:
+# haproxy_global_ssl_server_ciphers:
+# haproxy_global_ssl_server_ciphersuites:
 # haproxy_global_ssl_server_verify:
 haproxy_global_stats: []
 # haproxy_global_description:

diff --git a/templates/etc/haproxy/haproxy-global.cfg.j2 b/templates/etc/haproxy/haproxy-global.cfg.j2
@@ -32,11 +32,23 @@ global
 {% if haproxy_global_crt_base is defined and haproxy_global_crt_base|length %}
     crt-base   {{ haproxy_global_crt_base }}
 {% endif %}
-{% if haproxy_global_ssl_options is defined and haproxy_global_ssl_options|length %}
-    ssl-default-bind-options    {{ haproxy_global_ssl_options }}
+{% if haproxy_global_ssl_bind_options is defined and haproxy_global_ssl_bind_options|length %}
+    ssl-default-bind-options    {{ haproxy_global_ssl_bind_options }}
 {% endif %}
-{% if haproxy_global_ssl_ciphers is defined and haproxy_global_ssl_ciphers|length %}
-    ssl-default-bind-ciphers    {{ haproxy_global_ssl_ciphers }}
+{% if haproxy_global_ssl_bind_ciphers is defined and haproxy_global_ssl_bind_ciphers|length %}
+    ssl-default-bind-ciphers    {{ haproxy_global_ssl_bind_ciphers }}
+{% endif %}
+{% if haproxy_global_ssl_bind_ciphersuites is defined and haproxy_global_ssl_bind_ciphersuites|length %}
+    ssl-default-bind-ciphersuites    {{ haproxy_global_ssl_bind_ciphersuites }}
+{% endif %}
+{% if haproxy_global_ssl_server_options is defined and haproxy_global_ssl_server_options|length %}
+    ssl-default-server-options    {{ haproxy_global_ssl_server_options }}
+{% endif %}
+{% if haproxy_global_ssl_server_ciphers is defined and haproxy_global_ssl_server_ciphers|length %}
+    ssl-default-server-ciphers    {{ haproxy_global_ssl_server_ciphers }}
+{% endif %}
+{% if haproxy_global_ssl_server_ciphersuites is defined and haproxy_global_ssl_server_ciphersuites|length %}
+    ssl-default-server-ciphersuites    {{ haproxy_global_ssl_server_ciphersuites }}
 {% endif %}
 {% if haproxy_global_ssl_server_verify is defined and haproxy_global_ssl_server_verify|length %}
     ssl-server-verify           {{ haproxy_global_ssl_server_verify }}