Dzahn has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/147185

Change subject: racktables - update SSL cipher list
......................................................................

racktables - update SSL cipher list

to support PFS and be like all the other hosts
we recently updated...

Change-Id: Id217292222f1f8fcac4f053068f467578ccb0bfb
---
M templates/apache/sites/racktables.wikimedia.org.erb
1 file changed, 6 insertions(+), 2 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/operations/puppet refs/changes/85/147185/1

diff --git a/templates/apache/sites/racktables.wikimedia.org.erb 
b/templates/apache/sites/racktables.wikimedia.org.erb
index 8bcf11f..fb81a78 100644
--- a/templates/apache/sites/racktables.wikimedia.org.erb
+++ b/templates/apache/sites/racktables.wikimedia.org.erb
@@ -18,8 +18,12 @@
        ServerName <%= @racktables_host %>
 
        SSLEngine on
-       SSLProtocol -ALL +SSLv3 +TLSv1
-       SSLCipherSuite 
AES128-GCM-SHA256:RC4-SHA:RC4-MD5:DES-CBC3-SHA:AES128-SHA:AES256-SHA
+       SSLProtocol +ALL -SSLv2
+       SSLCipherSuite 
ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GC
+M-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-A
+ES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-
+SHA:ECDHE-ECDSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:ECDHE-RSA-RC4-SHA:ECDHE-ECDSA-RC4-SHA
+:AES128:AES256:RC4-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!DH
        SSLHonorCipherOrder on
        SSLCertificateFile <%= @racktables_ssl_cert %>
        SSLCertificateKeyFile <%= @racktables_ssl_key %>
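
Review bot: on the new SSLProtocol line, `+ALL -SSLv2` still leaves SSLv3 enabled, just as the old `-ALL +SSLv3 +TLSv1` did; unless a client of this host needs it, `SSLProtocol all -SSLv2 -SSLv3` would restrict negotiation to TLS only. In the new SSLCipherSuite string, `!MD5` drops RC4-MD5, but ECDHE-RSA-RC4-SHA, ECDHE-ECDSA-RC4-SHA and RC4-SHA are still listed, so RC4 remains negotiable. The trailing `!DH` excludes the DHE suites, which means forward secrecy is offered only to clients that support ECDHE; everything else falls through to the non-PFS AES128-GCM-SHA256, AES256-GCM-SHA384, AES128 and AES256 entries, and the `HIGH` keyword admits further suites that are not named explicitly. Since the commit message says this should match the other hosts, consider taking the string from one shared template variable instead of a per-site copy, and add a comment in the template saying where the list comes from.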

-- 
To view, visit https://gerrit.wikimedia.org/r/147185
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: Id217292222f1f8fcac4f053068f467578ccb0bfb
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Dzahn <dz...@wikimedia.org>
