Files
@ a9700f6fe020
Branch filter:
Location: majic-ansible-roles/roles/xmpp_server/molecule/default/group_vars/parameters-optional.yml - annotation
a9700f6fe020
1.3 KiB
text/x-yaml
MAR-230: Drop support for older TLS versions from the xmpp_server role:
- Update documentation.
- Include TLSv1.3 ciphers in default configuration for documentation
purposes - although ciphers are not configurable.
- Update the tests. Drop the workarounds for enabling the older
versions via OpenSSL policies.
- Update documentation.
- Include TLSv1.3 ciphers in default configuration for documentation
purposes - although ciphers are not configurable.
- Update the tests. Drop the workarounds for enabling the older
versions via OpenSSL policies.
2ada86e90026 2ada86e90026 2ada86e90026 2ada86e90026 2ada86e90026 2ada86e90026 2ada86e90026 2ada86e90026 2ada86e90026 2ada86e90026 2ada86e90026 c95f61f32b67 87f4f8572370 87f4f8572370 a9700f6fe020 a9700f6fe020 a9700f6fe020 a9700f6fe020 2ada86e90026 2ada86e90026 2ada86e90026 87f4f8572370 2ada86e90026 2ada86e90026 2ada86e90026 ceb51ff23ae3 2ada86e90026 2ada86e90026 2ada86e90026 2ada86e90026 2ada86e90026 2ada86e90026 6d61ce0ca2c9 | ---
xmpp_administrators:
- jane.doe@domain2
- mick.doe@domain3
xmpp_domains:
- domain2
- domain3
xmpp_ldap_base_dn: dc=local
xmpp_ldap_password: prosodypassword
xmpp_ldap_server: ldap-server
xmpp_server_archive_expiration: "1w"
xmpp_tls_certificate: "{{ lookup('file', 'tests/data/x509/server/{{ inventory_hostname }}_xmpp.cert.pem') }}"
xmpp_tls_key: "{{ lookup('file', 'tests/data/x509/server/{{ inventory_hostname }}_xmpp.key.pem') }}"
xmpp_server_tls_protocol: "tlsv1_3+"
# At least one non-TLSv1.3 cipher has to be included in order to
# ensure TLSv1.3 gets initialised.
xmpp_server_tls_ciphers: "ECDHE-RSA-CHACHA20-POLY1305:!aNULL:!MD5:!EXPORT"
# common
ca_certificates:
testca: "{{ lookup('file', 'tests/data/x509/ca/level1.cert.pem') }}"
# backup_client
enable_backup: true
backup_client_username: "bak-parameters-optional-{{ ansible_distribution_release }}"
backup_encryption_key: "{{ lookup('file', 'tests/data/gnupg/parameters-optional.asc') }}"
backup_server: backup-server
backup_server_host_ssh_public_keys:
- "{{ lookup('file', 'tests/data/ssh/server_rsa.pub') }}"
- "{{ lookup('file', 'tests/data/ssh/server_ed25519.pub') }}"
- "{{ lookup('file', 'tests/data/ssh/server_ecdsa.pub') }}"
backup_ssh_key: "{{ lookup('file', 'tests/data/ssh/parameters-optional') }}"
|