BBlack has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/304059

Change subject: ciphersuite: deprioritize non-AEAD AES256
......................................................................

ciphersuite: deprioritize non-AEAD AES256

I actually want to remove these two, but the remaining percentage
of clients using them is still just a little higher than I'd like
at 0.009%.

However, some quick simulations on sampled client ciphersuite data
indicate that at least *some* of these clients will very likely
move to ECDHE-(ECD|R)SA-AES128-SHA rather than failing to connect,
which is fine.  By de-prioritizing them a level first, we can test
that theory and then re-evaluate removing them completely.

Change-Id: I294fa43dca696adad13b7b1a1ccf9f5a76d4b8c4
---
M modules/wmflib/lib/puppet/parser/functions/ssl_ciphersuite.rb
1 file changed, 2 insertions(+), 2 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/operations/puppet refs/changes/59/304059/1

diff --git a/modules/wmflib/lib/puppet/parser/functions/ssl_ciphersuite.rb 
b/modules/wmflib/lib/puppet/parser/functions/ssl_ciphersuite.rb
index e534342..1071791 100644
--- a/modules/wmflib/lib/puppet/parser/functions/ssl_ciphersuite.rb
+++ b/modules/wmflib/lib/puppet/parser/functions/ssl_ciphersuite.rb
@@ -93,10 +93,10 @@
     'mid' => [
       'ECDHE-ECDSA-AES128-SHA256',
       'ECDHE-RSA-AES128-SHA256',
-      'ECDHE-ECDSA-AES256-SHA384',
-      'ECDHE-RSA-AES256-SHA384',
       'ECDHE-ECDSA-AES128-SHA',
       'ECDHE-RSA-AES128-SHA',
+      'ECDHE-ECDSA-AES256-SHA384',
+      'ECDHE-RSA-AES256-SHA384',
       'ECDHE-ECDSA-DES-CBC3-SHA',
       'ECDHE-RSA-DES-CBC3-SHA',
       'DHE-RSA-AES128-SHA256',
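
Review bot: The reordered 'mid' list carries no comment explaining why 'ECDHE-ECDSA-AES256-SHA384' and 'ECDHE-RSA-AES256-SHA384' now rank below the AES128-SHA pair, so the order reads as accidental and a later cleanup could move them back up. Add a short comment above the two moved entries stating that they are deprioritized on purpose ahead of removal, with a pointer to this change. The move only takes effect if the servers consuming this list enforce server-side cipher preference, which is not visible in this hunk and is worth confirming before reading anything into the resulting numbers. The two entries still rank above 'ECDHE-ECDSA-DES-CBC3-SHA' and 'ECDHE-RSA-DES-CBC3-SHA', so a client that offers AES256-SHA384 but not AES128-SHA keeps negotiating AES256 rather than dropping to 3DES, which matches the stated intent.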

-- 
To view, visit https://gerrit.wikimedia.org/r/304059

Gerrit-MessageType: newchange
Gerrit-Change-Id: I294fa43dca696adad13b7b1a1ccf9f5a76d4b8c4
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: BBlack <bbl...@wikimedia.org>
