From ac5a9aa0f03e6020e287f164a3bf5e5045c562c5 Mon Sep 17 00:00:00 2001
From: Jake Howard <git@theorangeone.net>
Date: Sun, 26 Jan 2020 18:15:19 +0000
Subject: [PATCH] Remove SSL block from haproxy config

---
 ansible/roles/gateway/files/haproxy.cfg | 18 +++---------------
 1 file changed, 3 insertions(+), 15 deletions(-)

diff --git a/ansible/roles/gateway/files/haproxy.cfg b/ansible/roles/gateway/files/haproxy.cfg
index 28c586d..4f2f8ec 100644
--- a/ansible/roles/gateway/files/haproxy.cfg
+++ b/ansible/roles/gateway/files/haproxy.cfg
@@ -9,26 +9,14 @@ global
 	daemon
 	maxconn 10000
 
-	# Default SSL material locations
-	ca-base /etc/ssl/certs
-	crt-base /etc/ssl/private
-
-	# Default ciphers to use on SSL-enabled listening sockets.
-	# For more information, see ciphers(1SSL). This list is from:
-	#  https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/
-	# An alternative list with additional directives can be obtained from
-	#  https://mozilla.github.io/server-side-tls/ssl-config-generator/?server=haproxy
-	ssl-default-bind-ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS
-	ssl-default-bind-options no-sslv3
-
 defaults
 	log	global
 	mode	http
 	option	httplog
 	option	dontlognull
-        timeout connect 10000
-        timeout client  50000
-        timeout server  50000
+	timeout connect 10000
+	timeout client  50000
+	timeout server  50000
 	errorfile 400 /etc/haproxy/errors/400.http
 	errorfile 403 /etc/haproxy/errors/403.http
 	errorfile 408 /etc/haproxy/errors/408.http