diff --git a/README.md b/README.md index 5066caac9..65bde1f0a 100644 --- a/README.md +++ b/README.md @@ -3046,7 +3046,7 @@ Specifies the SSL certification. Defaults are based on your OS: '/etc/pki/tls/ce ##### `ssl_protocol` -Specifies [SSLProtocol](http://httpd.apache.org/docs/current/mod/mod_ssl.html#sslprotocol). Expects an array of accepted protocols. Defaults to 'all', '-SSLv2', '-SSLv3'. +Specifies [SSLProtocol](http://httpd.apache.org/docs/current/mod/mod_ssl.html#sslprotocol). Expects an array or space separated string of accepted protocols. Defaults to 'all', '-SSLv2', '-SSLv3'. ##### `ssl_cipher` diff --git a/spec/acceptance/vhost_spec.rb b/spec/acceptance/vhost_spec.rb index b5d51e91f..dd6d03cd1 100644 --- a/spec/acceptance/vhost_spec.rb +++ b/spec/acceptance/vhost_spec.rb @@ -1339,4 +1339,31 @@ class { 'apache': } it { is_expected.to be_file } end end + + describe 'SSLProtocol directive' do + it 'applies cleanly' do + pp = <<-EOS + class { 'apache': } + apache::vhost { 'test.server': + docroot => '/tmp', + ssl_protocol => ['All', '-SSLv2'], + } + apache::vhost { 'test2.server': + docroot => '/tmp', + ssl_protocol => 'All -SSLv2', + } + EOS + apply_manifest(pp, :catch_failures => true) + end + + describe file("#{$vhost_dir}/25-test.server.conf") do + it { is_expected.to be_file } + it { is_expected.to contain 'SSLProtocol All -SSLv2' } + end + + describe file("#{$vhost_dir}/25-test2.server.conf") do + it { is_expected.to be_file } + it { is_expected.to contain 'SSLProtocol All -SSLv2' } + end + end end diff --git a/templates/vhost/_ssl.erb b/templates/vhost/_ssl.erb index e99b739a6..a3d76fb13 100644 --- a/templates/vhost/_ssl.erb +++ b/templates/vhost/_ssl.erb @@ -26,7 +26,7 @@ SSLProxyEngine On <%- end -%> <%- if @ssl_protocol -%> - SSLProtocol <%= @ssl_protocol %> + SSLProtocol <%= [@ssl_protocol].flatten.compact.join(' ') %> <%- end -%> <%- if @ssl_cipher -%> SSLCipherSuite <%= @ssl_cipher %>