From 44b56fca18a12e427f8131d89bffc48af2b25aed Mon Sep 17 00:00:00 2001
From: Mark Heiges
Date: Wed, 20 Apr 2016 16:27:32 -0400
Subject: [PATCH] set nginx ssl_ciphers and ss_protocols
---
 roles/easyredmine/templates/nginx.conf.j2 | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/roles/easyredmine/templates/nginx.conf.j2 b/roles/easyredmine/templates/nginx.conf.j2
index b8dc82f..707d29e 100644
--- a/roles/easyredmine/templates/nginx.conf.j2
+++ b/roles/easyredmine/templates/nginx.conf.j2
@@ -15,9 +15,14 @@ server {
 {% else %}
 server_name {{ ansible_fqdn }};
 {% endif %}
+
 ssl on;
 ssl_certificate /etc/pki/tls/certs/{{ ansible_fqdn }}.pem;
 ssl_certificate_key /etc/pki/tls/certs/{{ ansible_fqdn }}.pem;
+ ssl_ciphers ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:!DSS:!DH+3DES;
+ ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+ ssl_prefer_server_ciphers on;
+
 root {{ redmine_root_dir }}/public;
 passenger_enabled on;
 client_max_body_size 50M;
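Review bot: The added `ssl_protocols TLSv1 TLSv1.1 TLSv1.2;` line keeps TLS 1.0 and 1.1 enabled, and the `ssl_ciphers` list still offers 3DES suites (`ECDHE-ECDSA-DES-CBC3-SHA`, `ECDHE-RSA-DES-CBC3-SHA`) plus static-RSA suites with no forward secrecy (`AES128-GCM-SHA256` through `AES256-SHA256`). Unless legacy clients have to be served, narrow this to `ssl_protocols TLSv1.2;` (adding `TLSv1.3` where the nginx/OpenSSL build supports it) and drop the `DES-CBC3` and non-ECDHE entries from the list. The explicit `EDH-RSA-DES-CBC3-SHA` entry also looks dead, since the trailing `!DH+3DES` exclusion should remove it again under OpenSSL's cipher-string rules; confirm with `openssl ciphers -v` against the target build. A one-line comment above `ssl_ciphers` such as `# cipher list source: <profile name>, reviewed <date>` would let a later audit tell when the list went stale. The `server` block starts and ends outside this hunk, so any `listen` or HSTS settings are not visible here.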