Remove SSL block from haproxy config

2020-01-26 18:15:19 +00:00 · 2020-01-26 18:15:19 +00:00 · ac5a9aa0f0
commit ac5a9aa0f0
parent 03b3bd5ddb
1 changed files with 3 additions and 15 deletions
--- a/ansible/roles/gateway/files/haproxy.cfg
+++ b/ansible/roles/gateway/files/haproxy.cfg
@ -9,26 +9,14 @@ global
 	daemon
 	maxconn 10000

-	# Default SSL material locations
-	ca-base /etc/ssl/certs
-	crt-base /etc/ssl/private
-
-	# Default ciphers to use on SSL-enabled listening sockets.
-	# For more information, see ciphers(1SSL). This list is from:
-	#  https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/
-	# An alternative list with additional directives can be obtained from
-	#  https://mozilla.github.io/server-side-tls/ssl-config-generator/?server=haproxy
-	ssl-default-bind-ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS
-	ssl-default-bind-options no-sslv3
-
 defaults
 	log	global
 	mode	http
 	option	httplog
 	option	dontlognull
-        timeout connect 10000
-        timeout client  50000
-        timeout server  50000
+	timeout connect 10000
+	timeout client  50000
+	timeout server  50000
 	errorfile 400 /etc/haproxy/errors/400.http
 	errorfile 403 /etc/haproxy/errors/403.http
 	errorfile 408 /etc/haproxy/errors/408.http