[MediaWiki-commits] [Gerrit] ganglia - use ssl_ciphersuite - change (operations/puppet)

Dzahn (Code Review) Wed, 13 Aug 2014 16:23:50 -0700

Dzahn has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/153972


Change subject: ganglia - use ssl_ciphersuite
......................................................................

ganglia - use ssl_ciphersuite

Change-Id: I6691e2eac845682f9dd7edcb13be5074a66b8b42
---
M manifests/ganglia.pp
M templates/apache/sites/ganglia.wikimedia.org.erb
2 files changed, 3 insertions(+), 3 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/operations/puppet 
refs/changes/72/153972/1

diff --git a/manifests/ganglia.pp b/manifests/ganglia.pp
index 2ff4c43..5e6b23f 100644
--- a/manifests/ganglia.pp
+++ b/manifests/ganglia.pp
@@ -469,6 +469,8 @@
 
         $ganglia_ssl_cert = '/etc/ssl/certs/ganglia.wikimedia.org.pem'
         $ganglia_ssl_key = '/etc/ssl/private/ganglia.wikimedia.org.key'
+
+        $ssl_settings = ssl_ciphersuite('apache-2.2', 'compat')
     }
 
     file { "/etc/apache2/sites-enabled/${ganglia_servername}":
diff --git a/templates/apache/sites/ganglia.wikimedia.org.erb 
b/templates/apache/sites/ganglia.wikimedia.org.erb
index 979c770..707ea78 100644
--- a/templates/apache/sites/ganglia.wikimedia.org.erb
+++ b/templates/apache/sites/ganglia.wikimedia.org.erb
@@ -26,11 +26,9 @@
     ServerAdmin [email protected]
 
     SSLEngine on
-    SSLProtocol +ALL -SSLv2
-    SSLCipherSuite 
ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:ECDHE-RSA-RC4-SHA:ECDHE-ECDSA-RC4-SHA:AES128:AES256:RC4-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!DH
-    SSLHonorCipherOrder on
     SSLCertificateFile <%= @ganglia_ssl_cert %>
     SSLCertificateKeyFile <%= @ganglia_ssl_key %>
+    <%= @ssl_settings.join("\n") %>
 
     <Directory "/var/www">
     Options FollowSymLinks

-- 
To view, visit https://gerrit.wikimedia.org/r/153972
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I6691e2eac845682f9dd7edcb13be5074a66b8b42
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Dzahn <[email protected]>

_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

[MediaWiki-commits] [Gerrit] ganglia - use ssl_ciphersuite - change (operations/puppet)

Reply via email to