[MediaWiki-commits] [Gerrit] Revert "stats.wm.org - use ssl_ciphersuite" - change (operations/puppet)

Dzahn (Code Review) Wed, 20 Aug 2014 13:48:00 -0700

Dzahn has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/155430


Change subject: Revert "stats.wm.org - use ssl_ciphersuite"
......................................................................

Revert "stats.wm.org - use ssl_ciphersuite"

This reverts commit d7e8f583b767396ba4d3b1a17fc513b49f6717f8.

Change-Id: I1c3a2cc4e825b49194e53b010493c3814abcfdd9
---
M manifests/misc/statistics.pp
M templates/apache/sites/stats.wikimedia.org.erb
2 files changed, 3 insertions(+), 4 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/operations/puppet 
refs/changes/30/155430/1

diff --git a/manifests/misc/statistics.pp b/manifests/misc/statistics.pp
index c162c98..d0391f3 100644
--- a/manifests/misc/statistics.pp
+++ b/manifests/misc/statistics.pp
@@ -327,9 +327,6 @@
         group   => 'root',
         source  => 'puppet:///files/apache/ports.conf.ssl',
     }
-
-    $ssl_settings = ssl_ciphersuite('apache-2.2', 'compat')
-
 }
 
 # community-analytics.wikimedia.org
diff --git a/templates/apache/sites/stats.wikimedia.org.erb 
b/templates/apache/sites/stats.wikimedia.org.erb
index 6c328b3..a489360 100644
--- a/templates/apache/sites/stats.wikimedia.org.erb
+++ b/templates/apache/sites/stats.wikimedia.org.erb
@@ -82,10 +82,12 @@
     RewriteRule ^(.*)$ https://stats.wikimedia.org$1 [R=301,L]
 
     SSLEngine on
+    SSLProtocol +ALL -SSLv2
+    SSLCipherSuite 
ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:ECDHE-RSA-RC4-SHA:ECDHE-ECDSA-RC4-SHA:AES128:AES256:RC4-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!DH
+    SSLHonorCipherOrder on
     SSLCertificateFile    /etc/ssl/certs/stats.wikimedia.org.pem
     SSLCertificateKeyFile /etc/ssl/private/stats.wikimedia.org.key
     SSLCertificateChainFile /etc/ssl/certs/stats.wikimedia.org.chained.pem
-    <%= @ssl_settings.join("\n") %>
 
     # Settings for geowiki's private data
     <Directory "<%= 
scope.lookupvar('misc::statistics::sites::stats::geowiki_private_directory') 
%>">

-- 
To view, visit https://gerrit.wikimedia.org/r/155430
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I1c3a2cc4e825b49194e53b010493c3814abcfdd9
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Dzahn <[email protected]>

_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

[MediaWiki-commits] [Gerrit] Revert "stats.wm.org - use ssl_ciphersuite" - change (operations/puppet)

Reply via email to