[MediaWiki-commits] [Gerrit] gitblit - use ssl_ciphersuite - change (operations/puppet)

Wed, 13 Aug 2014 16:43:07 -0700 

Dzahn has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/153985

Change subject: gitblit - use ssl_ciphersuite
......................................................................

gitblit - use ssl_ciphersuite

Change-Id: I092634cba9f8be44f0d1c02032cd270154c7f120
---
M manifests/role/gitblit.pp
M modules/gitblit/templates/git.wikimedia.org.erb
2 files changed, 3 insertions(+), 3 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/operations/puppet 
refs/changes/85/153985/1

diff --git a/manifests/role/gitblit.pp b/manifests/role/gitblit.pp
index 5fe6aed..6c4eeaf 100644
--- a/manifests/role/gitblit.pp
+++ b/manifests/role/gitblit.pp
@@ -5,6 +5,8 @@
 
     include role::gerrit::production::replicationdest
 
+    $ssl_settings = ssl_ciphersuite('apache-2.2', 'compat')
+
     class { '::gitblit':
         host         => 'git.wikimedia.org',
         ssl_cert     => 'git.wikimedia.org',
diff --git a/modules/gitblit/templates/git.wikimedia.org.erb 
b/modules/gitblit/templates/git.wikimedia.org.erb
index bc72209..e84e9b2 100644
--- a/modules/gitblit/templates/git.wikimedia.org.erb
+++ b/modules/gitblit/templates/git.wikimedia.org.erb
@@ -44,12 +44,10 @@
        ServerName <%= @host %>
 
        SSLEngine on
-       SSLProtocol -ALL +SSLv3 +TLSv1
-       SSLCipherSuite 
AES128-GCM-SHA256:RC4-SHA:RC4-MD5:DES-CBC3-SHA:AES128-SHA:AES256-SHA
-       SSLHonorCipherOrder on
        SSLCertificateFile /etc/ssl/certs/<%= @ssl_cert %>.pem
        SSLCertificateChainFile /etc/ssl/certs/<%= @ssl_cert %>.chained.pem
        SSLCertificateKeyFile /etc/ssl/private/<%= @ssl_cert_key %>.key
+    <%= @ssl_settings.join("\n") %>
 
        RequestHeader set X-Forwarded-Proto https
        RequestHeader set X-Forwarded-Port 443

-- 
To view, visit https://gerrit.wikimedia.org/r/153985
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I092634cba9f8be44f0d1c02032cd270154c7f120
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Dzahn <[email protected]>

_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

Reply via email to