From 8c07d4ddae7b9469c9a084a697c8caf7a76fa61b Mon Sep 17 00:00:00 2001
From: Quentin
Date: Fri, 22 Jul 2022 15:37:13 +0200
Subject: [PATCH] ssl version
---
 README.md | 5 +++++
 defaults/main.yml | 3 +++
 templates/stunnel.conf.j2 | 10 ++++++++++
 3 files changed, 18 insertions(+)
diff --git a/README.md b/README.md
index 0d88975..ff958af 100644
--- a/README.md
+++ b/README.md
@@ -24,6 +24,10 @@ Role Variables
 1. `stunnel_certificate_locality` (optional, if `stunnel_certificate_generation` is True, default locality) : self signed certificate locality field
 1. `stunnel_certificate_file` certificate file to generate or use, depends on `stunnel_certificate_generation` value. Default is /tmp/certificate.pem
 1. `stunnel_key_file` key file to generate or use, depends on `stunnel_certificate_generation` value. Default is /tmp/key.pem
+1. To control SSL version :
+ 1. `stunnel_sslversion` (optional): specify a SSL version
+ 1. `stunnel_ssl_version_min` (optional): specify a min SSL version (when used with OpenSSL 1.1.0 and later)
+ 1. `stunnel_ssl_version_max` (optional): specify a max SSL version (when used with OpenSSL 1.1.0 and later)
 1. `stunnel_psks` a list of psk. This look like this:
 - name: client1
@@ -65,6 +69,7 @@ Example Playbook
 stunnel_certificate_locality: Paris
 stunnel_certificate_file: /tmp/stunnel.pem
 stunnel_key_file: /tmp/key.pem
+ stunnel_sslversion: TLSv1.2
 stunnel_services:
 - name: https
 accept: 443
diff --git a/defaults/main.yml b/defaults/main.yml
index 6242360..864180f 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -11,6 +11,9 @@ stunnel_certificate_state_name: state
 stunnel_certificate_locality: locality
 stunnel_certificate_file: /tmp/certificate.pem
 stunnel_key_file: /tmp/key.pem
+stunnel_sslversion: ""
+stunnel_ssl_version_min: ""
+stunnel_ssl_version_max: ""
 stunnel_services: []
 stunnel_psks: []
 stunnel_pid: /var/run/stunnel.pid
diff --git a/templates/stunnel.conf.j2 b/templates/stunnel.conf.j2
index e1bcba4..82bcb59 100644
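Review bot: The three new `stunnel_ssl*` defaults in defaults/main.yml are bare empty strings with no comment saying which values are accepted or what an empty value does, and the README entry in the first hunk only says "specify a SSL version". Because these strings are pasted verbatim into stunnel.conf, a one-line comment above the group would save operators a trip to stunnel(8): `# stunnel sslVersion names, e.g. TLSv1.2 or TLSv1.3; empty = directive omitted, stunnel's built-in default applies` and, above the min/max pair, `# sslVersionMin/Max require OpenSSL 1.1.0 or later (see README)`. The README hunk could carry the same accepted-value hint.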
--- a/templates/stunnel.conf.j2
+++ b/templates/stunnel.conf.j2
@@ -1,6 +1,16 @@
 pid = {{ stunnel_pid }}
 output = {{ stunnel_output }}
+{% if stunnel_sslversion %}
+sslVersion = {{ stunnel_sslversion }}
+{% endif %}
+{% if stunnel_ssl_version_min %}
+sslVersionMin = {{ stunnel_ssl_version_min }}
+{% endif %}
+{% if stunnel_ssl_version_max %}
+sslVersionMax = {{ stunnel_ssl_version_max }}
+{% endif %}
+
 {% if stunnel_use_certificate %}
 cert = /etc/stunnel/stunnel.pem
 {% endif -%}
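Review bot: The new block renders `sslVersion`, `sslVersionMin` and `sslVersionMax` independently, so a playbook that sets `stunnel_sslversion` together with either min/max variable produces a config with overlapping directives, and the values themselves reach stunnel unvalidated. stunnel(8) documents `sslVersion = X` as equivalent to `sslVersionMin = X` plus `sslVersionMax = X` on OpenSSL 1.1.0 and later, so which setting wins presumably depends on stunnel's option-parsing order rather than on anything the role controls. I would add an `ansible.builtin.assert` task in the role's tasks (outside this hunk) that rejects `stunnel_sslversion` combined with a min/max value and checks each value against the protocol names stunnel accepts, plus a Jinja comment above the block: `{# sslVersion pins both min and max; prefer sslVersionMin/Max on OpenSSL >= 1.1.0 #}`. Note also that the README example's `stunnel_sslversion: TLSv1.2` pins both ends and therefore excludes TLS 1.3; operators wanting a floor should set `stunnel_ssl_version_min` instead.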