[MediaWiki-commits] [Gerrit] etherpad - update SSL cipher list - change (operations/puppet)

Fri, 18 Jul 2014 10:01:37 -0700 

Dzahn has submitted this change and it was merged.

Change subject: etherpad - update SSL cipher list
......................................................................


etherpad - update SSL cipher list

to support PFS and be like all the other misc.
services we recently updated

Bug: 53259
Change-Id: Ib06d626fd7cc29b351487ff1fd1622d0097a757d
---
M templates/apache/sites/etherpad_lite.wikimedia.org.erb
1 file changed, 2 insertions(+), 2 deletions(-)

Approvals:
  Chmarkine: Looks good to me, but someone else must approve
  JanZerebecki: Looks good to me, but someone else must approve
  jenkins-bot: Checked
  Dzahn: Verified; Looks good to me, approved



diff --git a/templates/apache/sites/etherpad_lite.wikimedia.org.erb 
b/templates/apache/sites/etherpad_lite.wikimedia.org.erb
index 612e1e4..91944a1 100644
--- a/templates/apache/sites/etherpad_lite.wikimedia.org.erb
+++ b/templates/apache/sites/etherpad_lite.wikimedia.org.erb
@@ -56,8 +56,8 @@
 <% end -%>
 
     SSLEngine on
-    SSLProtocol -ALL +SSLv3 +TLSv1
-    SSLCipherSuite 
AES128-GCM-SHA256:RC4-SHA:RC4-MD5:DES-CBC3-SHA:AES128-SHA:AES256-SHA
+    SSLProtocol +ALL -SSLv2
+    SSLCipherSuite 
ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:ECDHE-RSA-RC4-SHA:ECDHE-ECDSA-RC4-SHA:AES128:AES256:RC4-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!DH
     SSLHonorCipherOrder on
     SSLCertificateFile <%= @etherpad_ssl_cert %>
     SSLCertificateKeyFile <%= @etherpad_ssl_key %>

-- 
To view, visit https://gerrit.wikimedia.org/r/147199
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: Ib06d626fd7cc29b351487ff1fd1622d0097a757d
Gerrit-PatchSet: 2
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Dzahn <dz...@wikimedia.org>
Gerrit-Reviewer: Alexandros Kosiaris <akosia...@wikimedia.org>
Gerrit-Reviewer: Chmarkine <chmark...@hotmail.com>
Gerrit-Reviewer: Dzahn <dz...@wikimedia.org>
Gerrit-Reviewer: JanZerebecki <jan.wikime...@zerebecki.de>
Gerrit-Reviewer: Matanya <mata...@foss.co.il>
Gerrit-Reviewer: jenkins-bot <>

_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

Reply via email to