From 67a49e428274ea59f9d43f8f4c3eda45d8ce79ee Mon Sep 17 00:00:00 2001
From: Lars Beckers <lars.beckers@rwth-aachen.de>
Date: Mon, 15 Mar 2021 14:57:11 +0100
Subject: [PATCH] webserver: add cipher configuration for bullseye

---
 webserver/vars/bullseye.yml | 12 ++++++++++++
 1 file changed, 12 insertions(+)
 create mode 100644 webserver/vars/bullseye.yml

diff --git a/webserver/vars/bullseye.yml b/webserver/vars/bullseye.yml
new file mode 100644
index 0000000..8998f73
--- /dev/null
+++ b/webserver/vars/bullseye.yml
@@ -0,0 +1,12 @@
+---
+# yamllint disable rule:line-length
+
+protocols:
+  modern: 'TLSv1.3'
+  intermediate: 'TLSv1.2 TLSv1.3'
+ciphers:
+  modern: null
+  intermediate: 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384'
+prefer_server_ciphers:
+  modern: false
+  intermediate: false
-- 
GitLab