From 61b0a7c9ec1555aaf10b118ac7add44196b31232 Mon Sep 17 00:00:00 2001
From: Markus Pesch <markus.pesch@cryptic.systems>
Date: Thu, 31 Jul 2025 09:53:01 +0200
Subject: [PATCH] fix: set cipher correctly

---
 tasks/client_certificate_protected.yaml                 | 1 +
 tasks/intermediate_certificate_authority_protected.yaml | 1 +
 tasks/root_certificate_authority_protected.yaml         | 1 +
 3 files changed, 3 insertions(+)

diff --git a/tasks/client_certificate_protected.yaml b/tasks/client_certificate_protected.yaml
index 9cae3ab..2f4e8d6 100644
--- a/tasks/client_certificate_protected.yaml
+++ b/tasks/client_certificate_protected.yaml
@@ -5,6 +5,7 @@
     path: "{{ certificate_authority_client_path }}/privkey.pem"
     type: "{{ certificate_authority_client_tls_key_type }}"
     passphrase: "{{ certificate_authority_client_tls_key_passphrase }}"
+    cipher: auto
 
 - name: Create a certificate signing request (CSR) for client certificate without subject alternative names (SANs)
   community.crypto.openssl_csr:
diff --git a/tasks/intermediate_certificate_authority_protected.yaml b/tasks/intermediate_certificate_authority_protected.yaml
index 8106c50..5f914c0 100644
--- a/tasks/intermediate_certificate_authority_protected.yaml
+++ b/tasks/intermediate_certificate_authority_protected.yaml
@@ -5,6 +5,7 @@
     passphrase: "{{ certificate_authority_intermediate_ca_tls_key_passphrase }}"
     path: "{{ certificate_authority_intermediate_ca_path }}/privkey.pem"
     type: "{{ certificate_authority_intermediate_ca_tls_key_type }}"
+    cipher: auto
 
 - name: Create a certificate signing request (CSR) for intermediate CA
   community.crypto.openssl_csr:
diff --git a/tasks/root_certificate_authority_protected.yaml b/tasks/root_certificate_authority_protected.yaml
index 67b7a4c..b76a440 100644
--- a/tasks/root_certificate_authority_protected.yaml
+++ b/tasks/root_certificate_authority_protected.yaml
@@ -5,6 +5,7 @@
     passphrase: "{{ certificate_authority_root_ca_tls_key_passphrase }}"
     path: "{{ certificate_authority_root_ca_path }}/privkey.pem"
     type: "{{ certificate_authority_root_ca_tls_key_type }}"
+    cipher: auto
 
 - name: Create a certificate signing request (CSR) for root CA
   community.crypto.openssl_csr: