|
@@ -27,6 +27,10 @@
|
|
|
fqdn: parameters-mandatory-bullseye
|
|
|
- name: parameters-optional-bullseye_https
|
|
|
fqdn: parameters-optional-bullseye
|
|
|
- name: parameters-mandatory-bookworm_https
|
|
|
fqdn: parameters-mandatory-bookworm
|
|
|
- name: parameters-optional-bookworm_https
|
|
|
fqdn: parameters-optional-bookworm
|
|
|
|
|
|
- name: Set-up link to generated X.509 material
|
|
|
file:
|
|
@@ -59,6 +63,28 @@
|
|
|
- nmap
|
|
|
state: present
|
|
|
|
|
|
- hosts: bookworm
|
|
|
become: true
|
|
|
tasks:
|
|
|
|
|
|
- name: Enable TLSv1.0+ in global OpenSSL configuration file in order to be able to test the web_server_tls_protocols parameter
|
|
|
blockinfile:
|
|
|
path: "/etc/ssl/openssl.cnf"
|
|
|
block: |
|
|
|
[openssl_init]
|
|
|
ssl_conf = ssl_sect
|
|
|
|
|
|
[ssl_sect]
|
|
|
system_default = system_default_sect
|
|
|
|
|
|
[system_default_sect]
|
|
|
MinProtocol = TLSv1.1
|
|
|
CipherString = DEFAULT@SECLEVEL=0
|
|
|
owner: root
|
|
|
group: root
|
|
|
mode: 0644
|
|
|
state: present
|
|
|
|
|
|
- hosts: all
|
|
|
become: true
|
|
|
tasks:
|
|
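Review bot: The task name promises TLSv1.0+, but the block sets `MinProtocol = TLSv1.1`, so TLS 1.0 would still be refused by the system default; if 1.0 is meant to be testable the line should read `MinProtocol = TLSv1`, otherwise the name should say TLSv1.1+. `CipherString = DEFAULT@SECLEVEL=0` is written to the global `/etc/ssl/openssl.cnf`, so it lowers the floor for every OpenSSL consumer on the bookworm hosts, not only the web server under test; a comment above the task such as `# Test hosts only: weakens system-wide OpenSSL defaults, never reuse in a role or on a real host` would make that scope explicit. The sections are appended by `blockinfile`, which presumably relies on OpenSSL honouring them over any `[openssl_init]` or `[system_default_sect]` already present in the stock file, so a check of the effective settings in the test suite is worth adding. `mode: 0644` is better written as `mode: "0644"` so the value does not depend on YAML octal parsing. The +/- markers are not visible on this page, so this assumes the whole `hosts: bookworm` play is the added part.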
@@ -76,6 +102,8 @@
|
|
|
192.168.56.11: "client"
|
|
|
192.168.56.31: "parameters-mandatory-bullseye"
|
|
|
192.168.56.32: "parameters-optional-bullseye"
|
|
|
192.168.56.21: "parameters-mandatory-bookworm"
|
|
|
192.168.56.22: "parameters-optional-bookworm"
|
|
|
|
|
|
- name: Install curl for testing redirects and webpage content
|
|
|
apt:
|