From 07660078877b16bdd1ba82926ec2f23bbe8645a9 Mon Sep 17 00:00:00 2001
From: John Keates <john@keates.nl>
Date: Wed, 26 Aug 2015 01:42:39 +0200
Subject: [PATCH] Changes in the template

---
 haproxy/templates/haproxy.jinja | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/haproxy/templates/haproxy.jinja b/haproxy/templates/haproxy.jinja
index d9bbb0e..ef5fd0a 100644
--- a/haproxy/templates/haproxy.jinja
+++ b/haproxy/templates/haproxy.jinja
@@ -25,6 +25,11 @@ global
     stats socket {{ salt['pillar.get']('haproxy:global:stats:socketpath', '/tmp/ha_stats.sock') }}
 {% endif %}
 
+# TODO: Make the following configurable from pillar
+    ssl-default-bind-options no-sslv3 no-tls-tickets force-tlsv12
+    ssl-default-bind-ciphers AES128+EECDH:AES128+EDH
+    tune.ssl.default-dh-param 2048
+
   {%- for id, userlist in salt['pillar.get']('haproxy:userlists',  {}).iteritems() %}
 userlist {{ id }}
   {%- for id, entry in userlist.iteritems() %}