Method: Chef::SslCertificateCookbook::ServiceHelpers#ssl_config_for_service

Defined in:
libraries/service_helpers.rb

#ssl_config_for_service(service) ⇒ Hash

Returns the recommended SSL configuration for a specific service.

You can create your own service specific configurations creating service subkeys under node['ssl_certificate']['service'].

default['ssl_certificate']['service'][:modern]['postfix']['protocols'] =
  'TLSv1.1, TLSv1.2'

By default, comes with configurations for 'apache' and 'nginx'. Will return default configuration for others ([#default_ssl_config]).

Examples:

ssl_config_for_service('apache')
#=> {"use_hsts"=>true, "use_stapling"=>true,
#    "description"=>"Modern compatibility: ...",
#    "cipher_suite"=>"...", "protocols"=>"all -SSLv2 -SSLv3 -TLSv1"}

Parameters:

  • service (String)

    service name.

Returns:

  • (Hash)

    SSL specific configuration.

See Also:



185
186
187
188
189
# File 'libraries/service_helpers.rb', line 185

def ssl_config_for_service(service)
  config = default_ssl_config
  config_service = ssl_config_service(config, service)
  ssl_config_merge!(config, config_service)
end