- name: Set Default Ciphers If None Given
  ansible.builtin.set_fact:
    ssl_ciphers:
      - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
      - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384_P384
      - TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P384
      - TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P384
      - TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P256
      - TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P256
      - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256_P384
      - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256_P384
      - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256_P256
      - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256_P256
      - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P384
      - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P256
      - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P384
      - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P256
      - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P384
      - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256
      - TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
      - TLS_DHE_DSS_WITH_AES_256_CBC_SHA
      - TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
      - TLS_DHE_DSS_WITH_AES_128_CBC_SHA
  when: ssl_ciphers is not defined

- name: Set SSL Cipher Suite
  ansible.windows.win_regedit:
    path: HKLM:\SYSTEM\CurrentControlSet\Control\Cryptography\Configuration\Local\SSL\00010002
    name: Functions
    state: present
    type: multistring
    data: "{{ ssl_ciphers }}"