[MediaWiki-commits] [Gerrit] rt - use ssl_ciphersuite - change (operations/puppet)

Wed, 13 Aug 2014 16:37:05 -0700 

Dzahn has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/153981

Change subject: rt - use ssl_ciphersuite
......................................................................

rt - use ssl_ciphersuite

Change-Id: I81a36d45c1f0ec8b5e765ef7ea2f7d3d41e065bf
---
M manifests/role/rt.pp
M templates/rt/rt4.apache.erb
2 files changed, 3 insertions(+), 3 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/operations/puppet 
refs/changes/81/153981/1

diff --git a/manifests/role/rt.pp b/manifests/role/rt.pp
index 373a983..1f8b0da 100644
--- a/manifests/role/rt.pp
+++ b/manifests/role/rt.pp
@@ -6,6 +6,8 @@
 
     install_certificate { 'rt.wikimedia.org': }
 
+    $ssl_settings = ssl_ciphersuite('apache-2.2', 'compat')
+
     class { 'misc::rt':
         site   => 'rt.wikimedia.org',
         dbhost => 'db1001.eqiad.wmnet',
diff --git a/templates/rt/rt4.apache.erb b/templates/rt/rt4.apache.erb
index 09bbb4e..e14bbcf 100644
--- a/templates/rt/rt4.apache.erb
+++ b/templates/rt/rt4.apache.erb
@@ -14,12 +14,10 @@
   ServerName <%=@site%>
 
   SSLEngine on
-  SSLProtocol +ALL -SSLv2
-  SSLCipherSuite 
ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:ECDHE-RSA-RC4-SHA:ECDHE-ECDSA-RC4-SHA:AES128:AES256:RC4-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!DH
-  SSLHonorCipherOrder on
   SSLCertificateFile /etc/ssl/certs/rt.wikimedia.org.pem
   SSLCertificateKeyFile /etc/ssl/private/rt.wikimedia.org.key
   SSLCACertificatePath /etc/ssl/certs
+  <%= @ssl_settings.join("\n") %>
 
   AddDefaultCharset UTF-8
 

-- 
To view, visit https://gerrit.wikimedia.org/r/153981
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I81a36d45c1f0ec8b5e765ef7ea2f7d3d41e065bf
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Dzahn <[email protected]>

_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

Reply via email to