github.com/dustinrc/deis@v1.10.1-0.20150917223407-0894a5fb979e/router/rootfs/etc/confd/templates/ssl.conf

github.com/dustinrc/deis@v1.10.1-0.20150917223407-0894a5fb979e/router/rootfs/etc/confd/templates/ssl.conf (about)

     1  # set the allowed protocols
     2  ssl_protocols {{ or (getv "/deis/router/sslProtocols") "TLSv1 TLSv1.1 TLSv1.2" }};
     3  
     4  # turn on session caching to drastically improve performance
     5  {{ if exists "/deis/router/sslSessionCache" }}
     6  ssl_session_cache {{ getv "/deis/router/sslSessionCache" }};
     7  ssl_session_timeout {{ or (getv "/deis/router/sslSessionTimeout") "10m" }};
     8  {{ end }}
     9  
    10  # allow configuring ssl session tickets
    11  ssl_session_tickets {{ or (getv "/deis/router/sslSessionTickets") "on" }};
    12  
    13  # slightly reduce the time-to-first-byte
    14  ssl_buffer_size {{ or (getv "/deis/router/sslBufferSize") "4k" }};
    15  
    16  # allow configuring custom ssl ciphers
    17  {{ if exists "/deis/router/sslCiphers" }}
    18  ssl_ciphers '{{ getv "/deis/router/sslCiphers" }}';
    19  ssl_prefer_server_ciphers on;
    20  {{ end }}
    21  
    22  # allow custom DH parameters
    23  {{ if exists "/deis/router/sslDhparam" }}
    24  ssl_dhparam /etc/ssl/dhparam.pem;
    25  {{ end }}