[MediaWiki-commits] [Gerrit] bugzilla - use ssl_ciphersuite to add HSTS - change (operations/puppet)

Mon, 18 Aug 2014 17:30:07 -0700 

Dzahn has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/154978

Change subject: bugzilla - use ssl_ciphersuite to add HSTS
......................................................................

bugzilla - use ssl_ciphersuite to add HSTS

we already use ssl_ciphersuite for the cipher list
but not for the HSTS line even though ssl_ciphersuite
supports adding that as well. so, use it

just like on I4655ebb78b71e for wikitech

Change-Id: I0de0a92f4513ef09abc7d3ed12cfa7be55ec5623
---
M modules/bugzilla/manifests/apache.pp
M modules/bugzilla/templates/apache/bugzilla.wikimedia.org.erb
2 files changed, 1 insertion(+), 3 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/operations/puppet 
refs/changes/78/154978/1

diff --git a/modules/bugzilla/manifests/apache.pp 
b/modules/bugzilla/manifests/apache.pp
index 065b133..0da900d 100644
--- a/modules/bugzilla/manifests/apache.pp
+++ b/modules/bugzilla/manifests/apache.pp
@@ -11,7 +11,7 @@
     install_certificate{ $svc_name: }
     install_certificate{ $attach_svc_name: }
 
-    $ssl_settings = ssl_ciphersuite('apache-2.2', 'compat')
+    $ssl_settings = ssl_ciphersuite('apache-2.2', 'compat', '365')
 
     # this includes them both, 80 and 443
     apache::site { 'bugzilla.wikimedia.org':
diff --git a/modules/bugzilla/templates/apache/bugzilla.wikimedia.org.erb 
b/modules/bugzilla/templates/apache/bugzilla.wikimedia.org.erb
index da05931..c416c41 100644
--- a/modules/bugzilla/templates/apache/bugzilla.wikimedia.org.erb
+++ b/modules/bugzilla/templates/apache/bugzilla.wikimedia.org.erb
@@ -70,8 +70,6 @@
     SSLCACertificatePath /etc/ssl/certs/
     <%= @ssl_settings.join("\n") %>
 
-    Header set Strict-Transport-Security "max-age=31536000"
-
     <Directory />
         Options FollowSymLinks
         AllowOverride None

-- 
To view, visit https://gerrit.wikimedia.org/r/154978
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I0de0a92f4513ef09abc7d3ed12cfa7be55ec5623
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Dzahn <[email protected]>

_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

Reply via email to