[MediaWiki-commits] [Gerrit] bugzilla - remove DHE ciphers - change (operations/puppet)

Wed, 16 Jul 2014 16:19:43 -0700 

Dzahn has submitted this change and it was merged.

Change subject: bugzilla - remove DHE ciphers
......................................................................


bugzilla - remove DHE ciphers

though already deactivated with !DH,
still remove these ciphers:

DHE-RSA-AES128-GCM-SHA256:kEDH+AESGCM

as explained in I39b389b63ae6b8 it was an oversight,
and we just copied from the nginx cluster config
for misc. services

Change-Id: I2e48991d4119a2ed8910d1a977eafc35863a7db7
---
M modules/bugzilla/manifests/init.pp
1 file changed, 1 insertion(+), 1 deletion(-)

Approvals:
  jenkins-bot: Verified
  Dzahn: Looks good to me, approved



diff --git a/modules/bugzilla/manifests/init.pp 
b/modules/bugzilla/manifests/init.pp
index 03b9a5a..9fe4f85 100644
--- a/modules/bugzilla/manifests/init.pp
+++ b/modules/bugzilla/manifests/init.pp
@@ -53,7 +53,7 @@
         svc_name        => 'bugzilla.wikimedia.org',
         attach_svc_name => 'bug-attachment.wikimedia.org',
         docroot         => '/srv/org/wikimedia/bugzilla/',
-        cipher_suite    => 
'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:ECDHE-RSA-RC4-SHA:ECDHE-ECDSA-RC4-SHA:AES128:AES256:RC4-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!DH',
+        cipher_suite    => 
'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:ECDHE-RSA-RC4-SHA:ECDHE-ECDSA-RC4-SHA:AES128:AES256:RC4-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!DH',
     }
 
     # Perl modules needed by Bugzilla

-- 
To view, visit https://gerrit.wikimedia.org/r/146461
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: I2e48991d4119a2ed8910d1a977eafc35863a7db7
Gerrit-PatchSet: 6
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Dzahn <[email protected]>
Gerrit-Reviewer: Dzahn <[email protected]>
Gerrit-Reviewer: Yuvipanda <[email protected]>
Gerrit-Reviewer: jenkins-bot <>

_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

Reply via email to