From 62981b47ad4747e8cf752e16510964a85a2b0448 Mon Sep 17 00:00:00 2001
From: Marvin Frick
Date: Wed, 29 Jul 2015 12:16:37 +0200
Subject: [PATCH] adds ssl-default-bind options to template
---
 haproxy/templates/haproxy.jinja | 7 ++++++-
 pillar.example | 2 ++
 2 files changed, 8 insertions(+), 1 deletion(-)
diff --git a/haproxy/templates/haproxy.jinja b/haproxy/templates/haproxy.jinja
index 3f6c548..61e020d 100644
--- a/haproxy/templates/haproxy.jinja
+++ b/haproxy/templates/haproxy.jinja
@@ -24,7 +24,12 @@ global
 # Stats support is currently limited to socket mode
 stats socket {{ salt['pillar.get']('haproxy:global:stats:socketpath', '/tmp/ha_stats.sock') }}
 {%- endif %}
-
+{%- if salt['pillar.get']('haproxy:global:ssl-default-bind-ciphers', False) %}
+ ssl-default-bind-ciphers {{ salt['pillar.get']('haproxy:global:ssl-default-bind-ciphers') }}
+{%- endif %}
+{%- if salt['pillar.get']('haproxy:global:ssl-default-bind-options', False) %}
+ ssl-default-bind-options {{ salt['pillar.get']('haproxy:global:ssl-default-bind-options') }}
+{%- endif %}
 #------------------
 # common defaults that all the 'listen' and 'backend' sections will
diff --git a/pillar.example b/pillar.example
index f90debc..3aee2e1 100644
--- a/pillar.example
+++ b/pillar.example
@@ -9,6 +9,8 @@ haproxy:
 stats:
 enable: True
 socketpath: /var/lib/haproxy/stats
+ ssl-default-bind-ciphers: "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384"
+ ssl-default-bind-options: "no-sslv3 no-tlsv10 no-tlsv11"
 user: haproxy
 group: haproxy
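Review bot: In haproxy/templates/haproxy.jinja the two new `{%- if %}` blocks make the TLS bind defaults opt-in, so a minion whose pillar lacks `haproxy:global:ssl-default-bind-options` renders a config that leaves protocol and cipher selection to HAProxy's built-in defaults, and nothing in the template says so. I would add a template comment above the blocks, for example `{#- TLS bind defaults are opt-in: unset pillar keys render nothing and HAProxy's own defaults apply -#}`, so operators know the hardening is not applied unless they set it. Each value is also looked up twice and written out verbatim; binding the lookup once with `{%- set %}` and reusing it in the test and the output would keep the two in step, and a list-valued pillar would presumably render as a Python list literal rather than a valid directive. The `global` section these lines belong to starts above the hunk.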
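Review bot: In pillar.example the sample `ssl-default-bind-ciphers` value lists only ECDHE-RSA suites and the sample `ssl-default-bind-options` disables every protocol below TLS 1.2, yet the example carries no comment on either consequence. Example pillars tend to be copied as-is, so I would add a line such as `# TLS 1.2 and newer, RSA certificates only; adjust for ECDSA certificates or older clients` above the two keys. The last two suites in the list are CBC-mode; if an AEAD-only policy is intended they could be dropped, otherwise the comment should say they are kept for compatibility. The enclosing mapping starts above the hunk.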