(MODULES-1719) Add parameter for SSLRandomSeed bytes
hunner committed Feb 5, 2015
1 parent c1c4eae commit 67f9c0c
Showing 4 changed files with 16 additions and 4 deletions.
6 changes: 4 additions & 2 deletions README.md
Expand Up @@ -738,9 +738,11 @@ Installs Apache SSL capabilities and uses the ssl.conf.erb template. These are t
class { 'apache::mod::ssl':
ssl_compression => false,
ssl_options => [ 'StdEnvVars' ],
ssl_cipher => 'HIGH:MEDIUM:!aNULL:!MD5',
ssl_protocol => ['all','-SSLv2','-SSLv3'],
ssl_pass_phrase_dialog => 'builtin',
ssl_protocol => 'all -SSLv2 -SSLv3',
}
ssl_random_seed_bytes => '512',
}
```

To *use* SSL with a virtual host, you must either set the`default_ssl_vhost` parameter in `::apache` to 'true' or set the `ssl` parameter in `apache::vhost` to 'true'.
1 change: 1 addition & 0 deletions manifests/mod/ssl.pp
Expand Up @@ -4,6 +4,7 @@
$ssl_cipher = 'HIGH:MEDIUM:!aNULL:!MD5',
$ssl_protocol = [ 'all', '-SSLv2', '-SSLv3' ],
$ssl_pass_phrase_dialog = 'builtin',
$ssl_random_seed_bytes = '512',
$apache_version = $::apache::apache_version,
$package_name = undef,
) {
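Review bot: The new `$ssl_random_seed_bytes` parameter is not validated anywhere in the visible parameter list; the class body lies outside this hunk, so a check may exist there but is not shown. templates/mod/ssl.conf.erb in this same commit interpolates the value verbatim into both `SSLRandomSeed` lines, so an empty value drops the byte count (as I read the mod_ssl documentation, the whole source is then used as entropy, which never ends for /dev/urandom) and a value containing whitespace or a newline alters the rendered directive. I would add `validate_re($ssl_random_seed_bytes, '\A\d+\z', 'ssl_random_seed_bytes must be a whole number of bytes')` at the top of the class body. Use `\A`/`\z` rather than `^`/`$`, because Ruby's line anchors would accept a multi-line string that merely contains one line of digits.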
9 changes: 9 additions & 0 deletions spec/classes/mod/ssl_spec.rb
Expand Up @@ -106,5 +106,14 @@
it { is_expected.to contain_file('ssl.conf').with_content(/^ SSLPassPhraseDialog exec:\/path\/to\/program$/)}
end

context 'setting ssl_random_seed_bytes' do
let :params do
{
:ssl_random_seed_bytes => '1024',
}
end
it { is_expected.to contain_file('ssl.conf').with_content(%r{^ SSLRandomSeed startup file:/dev/urandom 1024$})}
end

end
end
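Review bot: The new context asserts only the `startup` directive, although the template change in this commit parameterises the `connect` line too, so a regression in that line would still pass. Add a second expectation beside the one shown: `it { is_expected.to contain_file('ssl.conf').with_content(%r{^ SSLRandomSeed connect file:/dev/urandom 1024$})}`. The enclosing describe and context blocks start outside the hunk, so whether the default of 512 is asserted elsewhere is not visible here.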
4 changes: 2 additions & 2 deletions templates/mod/ssl.conf.erb
@@ -1,8 +1,8 @@
<IfModule mod_ssl.c>
SSLRandomSeed startup builtin
SSLRandomSeed startup file:/dev/urandom 512
SSLRandomSeed startup file:/dev/urandom <%= @ssl_random_seed_bytes %>
SSLRandomSeed connect builtin
SSLRandomSeed connect file:/dev/urandom 512
SSLRandomSeed connect file:/dev/urandom <%= @ssl_random_seed_bytes %>

AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crl
