Module Version: v6.0.0
Puppet Version: 5.5.10
OS Name/Version: Debian 10.9
Describe your issue in as much detail as possible...
- ssl_honorcipherorder default in vhost is On as documented, or documentation is changed.
- ssl_honorcipherorder in vhost works with booleans as documented.
vhost parameter ssl_honorcipherorder claims that true is the default, indeed it looks that way in the class parameters. However nothing appears in the vhost output unless you explicitly set it.
I assume it's something to do with the funky code in ssl.pp that is trying to make it accept both 'On'/'Off' and true/false. It may also be that the template needs to use the _ prefixed variable instead, but I can't understand this well enough to propose a fix.
It also doesn't work with a boolean true as documented (it emits 'true' to the apache config instead of 'On', which makes Apache fail to start). I think it needs to use apache::bool2httpd. (It should indeed accept booleans to be compatible with all the other parameters, like ssl_stapling)