Dzahn has uploaded a new change for review.
https://gerrit.wikimedia.org/r/153982
Change subject: ishmael - use ssl_ciphersuite
......................................................................
ishmael - use ssl_ciphersuite
Change-Id: I183cc083f611d4e5d1ab6308431cf422a0b16a7a
---
M manifests/role/ishmael.pp
M modules/ishmael/templates/apache/ishmael.wikimedia.org.erb
2 files changed, 2 insertions(+), 3 deletions(-)
git pull ssh://gerrit.wikimedia.org:29418/operations/puppet refs/changes/82/153982/1
diff --git a/manifests/role/ishmael.pp b/manifests/role/ishmael.pp
index 56192ea..eefa347 100644
--- a/manifests/role/ishmael.pp
+++ b/manifests/role/ishmael.pp
@@ -5,6 +5,7 @@
system::role { 'role::ishmael': description => 'ishmael server' }
install_certificate{ 'ishmael.wikimedia.org': ca => 'RapidSSL_CA.pem' }
+ $ssl_settings = ssl_ciphersuite('apache-2.2', 'compat')
class { '::ishmael':
site_name => 'ishmael.wikimedia.org',
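Review bot: `$ssl_settings` is assigned in `role::ishmael`, but the lines shown here do not pass it into `class { '::ishmael': ... }`, while the template under `modules/ishmael/` reads `@ssl_settings`. An ERB template resolves `@` variables in the scope of the class that calls `template()`, so if that call lives inside the ishmael module the value is nil there and `.join` fails at catalog compilation. Consider adding an `ssl_settings` parameter to the `ishmael` class and passing it explicitly (`ssl_settings => $ssl_settings`), or computing the value inside the module. The commit message has no body, so a line saying why the `'compat'` argument was chosen for this host would also help.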
diff --git a/modules/ishmael/templates/apache/ishmael.wikimedia.org.erb
b/modules/ishmael/templates/apache/ishmael.wikimedia.org.erb
index 12badab..980b13b 100644
--- a/modules/ishmael/templates/apache/ishmael.wikimedia.org.erb
+++ b/modules/ishmael/templates/apache/ishmael.wikimedia.org.erb
@@ -7,12 +7,10 @@
<VirtualHost *:443>
ServerName <%= @site_name %>
SSLEngine On
- SSLProtocol +ALL -SSLv2
- SSLCipherSuite
ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:ECDHE-RSA-RC4-SHA:ECDHE-ECDSA-RC4-SHA:AES128:AES256:RC4-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!DH
- SSLHonorCipherOrder on
SSLCertificateFile /etc/ssl/private/ishmael.wikimedia.org.pem
SSLCertificateKeyFile /etc/ssl/private/ishmael.wikimedia.org.key
SSLCACertificateFile /etc/ssl/certs/RapidSSL_CA.pem
+ <%= @ssl_settings.join("\n") %>
DocumentRoot <%= @docroot %>
<Directory "<%= @docroot %>">
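Review bot: confirm that the output of `ssl_ciphersuite('apache-2.2', 'compat')` covers all three directives removed in this hunk (`SSLProtocol +ALL -SSLv2`, `SSLCipherSuite ...` and `SSLHonorCipherOrder on`), because nothing in the patch shows what the function emits. If it returns only a cipher list, this vhost silently falls back to Apache's defaults for protocol versions and cipher-order preference, which is weaker than the config being deleted. A check of the rendered vhost on a test host (or a note in the commit message listing the directives produced) would settle it. Minor: with `join("\n")` only the first emitted directive inherits the template's indentation, so the rendered file will look uneven; joining with the indent included would keep it readable.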
--
To view, visit https://gerrit.wikimedia.org/r/153982
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: I183cc083f611d4e5d1ab6308431cf422a0b16a7a
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Dzahn <[email protected]>