Merge pull request #436 from jkroepke/ecdh-curve

bastelfreak · web-flow · commit decd4d3f4a0d · 2022-08-24T11:56:44.000+02:00
Make ecdh-curve optional
diff --git a/REFERENCE.md b/REFERENCE.md
@@ -1339,11 +1339,11 @@ Default value: `'secp384r1'`
 
 ##### <a name="ecdh_curve"></a>`ecdh_curve`
 
-Data type: `String`
+Data type: `Optional[String[1]]`
 
 Define the named curve for ECDH key exchange, used if ssl_key_algo is ec, ed
 
-Default value: `'secp384r1'`
+Default value: ``undef``
 
 ##### <a name="topology"></a>`topology`
 
diff --git a/manifests/server.pp b/manifests/server.pp
@@ -184,7 +184,7 @@
   Enum['rsa', 'ec', 'ed'] $ssl_key_algo                             = 'rsa',
   Integer $ssl_key_size                                             = 2048,
   String $ssl_key_curve                                             = 'secp384r1',
-  String $ecdh_curve                                                = 'secp384r1',
+  Optional[String[1]] $ecdh_curve                                   = undef,
   String $topology                                                  = 'net30',
   Boolean $c2c                                                      = false,
   Boolean $tcp_nodelay                                              = false,
diff --git a/templates/server.erb b/templates/server.erb
@@ -46,6 +46,8 @@ dh <%= @server_directory %>/<%= @ca_name %>/keys/dh<%= @ssl_key_size %>.pem
 dh <%= @server_directory %>/<%= @ca_name %>/keys/dh.pem
 <%- else -%>
 dh none
+<%- end -%>
+<%- if @ecdh_curve -%>
 ecdh-curve <%= @ecdh_curve %>
 <%- end -%>
 <%   end -%>
