-
-
Save jtimberman/33b348a1f3b94051f3a2 to your computer and use it in GitHub Desktop.
some handy hints for mitigating SSLv3 "POODLE" attack with Chef
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # this is a default attribute in your cookbook's attributes/default.rb | |
| node.default['webserver']['ssl_protocols'] = 'TLSv1 TLSv1.1 TLSv1.2' | |
| # Or, make it an array, then you can .join it... | |
| node.default['webserver']['ssl_protocols'] = ['TLSv1', 'TLSv1.1', 'TLSv1.2'] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # if you used a space-separated string: | |
| ssl_protocols <%= node['webserver']['ssl_protocols'].split.join(' ') %>; | |
| # if you used an array: | |
| ssl_protocols <%= node['webserver']['ssl_protocols'].join(' ') %>; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # if you used a space-separated string: | |
| SSLProtocol -ALL +<%= node['webserver']['ssl_protocols'].split.join(' +') %> | |
| # if you used an array: | |
| SSLProtocol -ALL +<%= node['webserver']['ssl_protocols'].join(' +') %> |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment