[MediaWiki-commits] [Gerrit] switch to explicit ciphersuite lists - change (operations/puppet)

BBlack (Code Review) Mon, 29 Jun 2015 17:43:35 -0700

BBlack has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/221805


Change subject: switch to explicit ciphersuite lists
......................................................................

switch to explicit ciphersuite lists

Bug: T104274
Change-Id: Ib0d59e3d95e7c438caf31d6cbf50e378d7525682
---
M modules/wmflib/lib/puppet/parser/functions/ssl_ciphersuite.rb
1 file changed, 9 insertions(+), 19 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/operations/puppet 
refs/changes/05/221805/1

diff --git a/modules/wmflib/lib/puppet/parser/functions/ssl_ciphersuite.rb 
b/modules/wmflib/lib/puppet/parser/functions/ssl_ciphersuite.rb
index bbfa9f8..75e616c 100644
--- a/modules/wmflib/lib/puppet/parser/functions/ssl_ciphersuite.rb
+++ b/modules/wmflib/lib/puppet/parser/functions/ssl_ciphersuite.rb
@@ -48,6 +48,7 @@
 module Puppet::Parser::Functions
   ciphersuites = {
     'compat' => [
+      '-ALL',
       'ECDHE-ECDSA-AES128-GCM-SHA256',
       'ECDHE-RSA-AES128-GCM-SHA256',
       'ECDHE-ECDSA-AES256-GCM-SHA384',
@@ -62,18 +63,16 @@
       'ECDHE-RSA-AES256-SHA',
       'AES128-GCM-SHA256',
       'AES256-GCM-SHA384',
-      'AES128',
-      'AES256',
-      'HIGH',
-      '!aNULL',
-      '!eNULL',
-      '!EXPORT',
-      '!DES',
-      '!MD5',
-      '!PSK',
-      '!DH',
+      'AES128-SHA256',
+      'AES128-SHA',
+      'AES256-SHA256',
+      'AES256-SHA',
+      'CAMELLIA128-SHA',
+      'CAMELLIA256-SHA',
+      'DES-CBC3-SHA',
     ],
     'strong' => [
+      '-ALL',
       'ECDHE-ECDSA-AES128-GCM-SHA256',
       'ECDHE-RSA-AES128-GCM-SHA256',
       'ECDHE-ECDSA-AES256-GCM-SHA384',
@@ -86,15 +85,6 @@
       'ECDHE-RSA-AES256-SHA384',
       'ECDHE-ECDSA-AES256-SHA',
       'ECDHE-RSA-AES256-SHA',
-      'HIGH',
-      '!aNULL',
-      '!eNULL',
-      '!EXPORT',
-      '!DES',
-      '!3DES',
-      '!MD5',
-      '!PSK',
-      '!DH',
     ],
   }
   newfunction(

-- 
To view, visit https://gerrit.wikimedia.org/r/221805
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: Ib0d59e3d95e7c438caf31d6cbf50e378d7525682
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: BBlack <bbl...@wikimedia.org>

_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

[MediaWiki-commits] [Gerrit] switch to explicit ciphersuite lists - change (operations/puppet)

Reply via email to