[MediaWiki-commits] [Gerrit] ishmael -- update cipher suite list to support PFS - change (operations/puppet)
Dzahn has submitted this change and it was merged. Change subject: ishmael -- update cipher suite list to support PFS .. ishmael -- update cipher suite list to support PFS This patch changes cipher suite list for ishmael.wikimedia.org to support Forward Secrecy. Bug: 53259 Change-Id: I3d664fa92028f4580f828412657e4c11571a708f --- M modules/ishmael/templates/apache/ishmael.wikimedia.org.erb 1 file changed, 2 insertions(+), 2 deletions(-) Approvals: JanZerebecki: Looks good to me, but someone else must approve jenkins-bot: Verified Dzahn: Looks good to me, approved diff --git a/modules/ishmael/templates/apache/ishmael.wikimedia.org.erb b/modules/ishmael/templates/apache/ishmael.wikimedia.org.erb index 3bf43ef..add40da 100644 --- a/modules/ishmael/templates/apache/ishmael.wikimedia.org.erb +++ b/modules/ishmael/templates/apache/ishmael.wikimedia.org.erb @@ -7,8 +7,8 @@ ServerName <%= @site_name %> SSLEngine On - SSLProtocol -ALL +SSLv3 +TLSv1 - SSLCipherSuite AES128-GCM-SHA256:RC4-SHA:RC4-MD5:DES-CBC3-SHA:AES128-SHA:AES256-SHA + SSLProtocol +ALL -SSLv2 + SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:ECDHE-RSA-RC4-SHA:ECDHE-ECDSA-RC4-SHA:AES128:AES256:RC4-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!DH SSLHonorCipherOrder on SSLCertificateFile /etc/ssl/private/ishmael.wikimedia.org.pem SSLCertificateKeyFile /etc/ssl/private/ishmael.wikimedia.org.key -- To view, visit https://gerrit.wikimedia.org/r/147740 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: merged Gerrit-Change-Id: I3d664fa92028f4580f828412657e4c11571a708f Gerrit-PatchSet: 2 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: Chmarkine Gerrit-Reviewer: Alexandros Kosiaris Gerrit-Reviewer: Dzahn Gerrit-Reviewer: JanZerebecki Gerrit-Reviewer: Matanya Gerrit-Reviewer: jenkins-bot <> ___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] ishmael -- update cipher suite list to support PFS - change (operations/puppet)
Chmarkine has uploaded a new change for review. https://gerrit.wikimedia.org/r/147740 Change subject: ishmael -- update cipher suite list to support PFS .. ishmael -- update cipher suite list to support PFS This patch changes cipher suite list for ishmael.wikimedia.org to support Forward Secrecy. Bug: 53259 Change-Id: I3d664fa92028f4580f828412657e4c11571a708f --- M modules/ishmael/templates/apache/ishmael.wikimedia.org.erb 1 file changed, 2 insertions(+), 2 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/operations/puppet refs/changes/40/147740/1 diff --git a/modules/ishmael/templates/apache/ishmael.wikimedia.org.erb b/modules/ishmael/templates/apache/ishmael.wikimedia.org.erb index 3bf43ef..add40da 100644 --- a/modules/ishmael/templates/apache/ishmael.wikimedia.org.erb +++ b/modules/ishmael/templates/apache/ishmael.wikimedia.org.erb @@ -7,8 +7,8 @@ ServerName <%= @site_name %> SSLEngine On - SSLProtocol -ALL +SSLv3 +TLSv1 - SSLCipherSuite AES128-GCM-SHA256:RC4-SHA:RC4-MD5:DES-CBC3-SHA:AES128-SHA:AES256-SHA + SSLProtocol +ALL -SSLv2 + SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:ECDHE-RSA-RC4-SHA:ECDHE-ECDSA-RC4-SHA:AES128:AES256:RC4-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!DH SSLHonorCipherOrder on SSLCertificateFile /etc/ssl/private/ishmael.wikimedia.org.pem SSLCertificateKeyFile /etc/ssl/private/ishmael.wikimedia.org.key -- To view, visit https://gerrit.wikimedia.org/r/147740 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I3d664fa92028f4580f828412657e4c11571a708f Gerrit-PatchSet: 1 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: Chmarkine ___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits