Dzahn has uploaded a new change for review. https://gerrit.wikimedia.org/r/147185
Change subject: racktables - update SSL cipher list ...................................................................... racktables - update SSL cipher list to support PFS and be like all the other hosts we recently updated... Change-Id: Id217292222f1f8fcac4f053068f467578ccb0bfb --- M templates/apache/sites/racktables.wikimedia.org.erb 1 file changed, 6 insertions(+), 2 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/operations/puppet refs/changes/85/147185/1 diff --git a/templates/apache/sites/racktables.wikimedia.org.erb b/templates/apache/sites/racktables.wikimedia.org.erb index 8bcf11f..fb81a78 100644 --- a/templates/apache/sites/racktables.wikimedia.org.erb +++ b/templates/apache/sites/racktables.wikimedia.org.erb @@ -18,8 +18,12 @@ ServerName <%= @racktables_host %> SSLEngine on - SSLProtocol -ALL +SSLv3 +TLSv1 - SSLCipherSuite AES128-GCM-SHA256:RC4-SHA:RC4-MD5:DES-CBC3-SHA:AES128-SHA:AES256-SHA + SSLProtocol +ALL -SSLv2 + SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GC +M-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-A +ES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256- +SHA:ECDHE-ECDSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:ECDHE-RSA-RC4-SHA:ECDHE-ECDSA-RC4-SHA +:AES128:AES256:RC4-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!DH SSLHonorCipherOrder on SSLCertificateFile <%= @racktables_ssl_cert %> SSLCertificateKeyFile <%= @racktables_ssl_key %> -- To view, visit https://gerrit.wikimedia.org/r/147185 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: Id217292222f1f8fcac4f053068f467578ccb0bfb Gerrit-PatchSet: 1 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: Dzahn <dz...@wikimedia.org> _______________________________________________ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits