[MediaWiki-commits] [Gerrit] update SSL ciphers for noc.wikimedia.org to support PFS - change (operations/puppet)
Dzahn has submitted this change and it was merged. Change subject: update SSL ciphers for noc.wikimedia.org to support PFS .. update SSL ciphers for noc.wikimedia.org to support PFS I used the cipher suite list from Ic18e2a27e0e25fe3ee287c5d56834a77ba78c35c. Bug: 53259 Change-Id: Ie4910dcb158157db6f05c2d3917ade7deb3f75ba --- M files/apache/sites/noc.wikimedia.org 1 file changed, 2 insertions(+), 2 deletions(-) Approvals: jenkins-bot: Checked Dzahn: Verified; Looks good to me, approved diff --git a/files/apache/sites/noc.wikimedia.org b/files/apache/sites/noc.wikimedia.org index 286ff1d..9030c1b 100644 --- a/files/apache/sites/noc.wikimedia.org +++ b/files/apache/sites/noc.wikimedia.org @@ -43,8 +43,8 @@ UserDir public_html SSLEngine on - SSLProtocol -ALL +SSLv3 +TLSv1 - SSLCipherSuite AES128-GCM-SHA256:RC4-SHA:RC4-MD5:DES-CBC3-SHA:AES128-SHA:AES256-SHA +SSLProtocol +ALL -SSLv2 +SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:ECDHE-RSA-RC4-SHA:ECDHE-ECDSA-RC4-SHA:AES128:AES256:RC4-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!DH SSLHonorCipherOrder on SSLCertificateFile /etc/ssl/certs/noc.wikimedia.org.pem SSLCertificateKeyFile /etc/ssl/private/noc.wikimedia.org.key -- To view, visit https://gerrit.wikimedia.org/r/147123 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: merged Gerrit-Change-Id: Ie4910dcb158157db6f05c2d3917ade7deb3f75ba Gerrit-PatchSet: 1 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: Chmarkine Gerrit-Reviewer: Chmarkine Gerrit-Reviewer: Dzahn Gerrit-Reviewer: JanZerebecki Gerrit-Reviewer: jenkins-bot <> ___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] update SSL ciphers for noc.wikimedia.org to support PFS - change (operations/puppet)
Chmarkine has uploaded a new change for review. https://gerrit.wikimedia.org/r/147123 Change subject: update SSL ciphers for noc.wikimedia.org to support PFS .. update SSL ciphers for noc.wikimedia.org to support PFS I used the cipher suite list from Ic18e2a27e0e25fe3ee287c5d56834a77ba78c35c. Bug: 53259 Change-Id: Ie4910dcb158157db6f05c2d3917ade7deb3f75ba --- M files/apache/sites/noc.wikimedia.org 1 file changed, 2 insertions(+), 2 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/operations/puppet refs/changes/23/147123/1 diff --git a/files/apache/sites/noc.wikimedia.org b/files/apache/sites/noc.wikimedia.org index 286ff1d..9030c1b 100644 --- a/files/apache/sites/noc.wikimedia.org +++ b/files/apache/sites/noc.wikimedia.org @@ -43,8 +43,8 @@ UserDir public_html SSLEngine on - SSLProtocol -ALL +SSLv3 +TLSv1 - SSLCipherSuite AES128-GCM-SHA256:RC4-SHA:RC4-MD5:DES-CBC3-SHA:AES128-SHA:AES256-SHA +SSLProtocol +ALL -SSLv2 +SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:ECDHE-RSA-RC4-SHA:ECDHE-ECDSA-RC4-SHA:AES128:AES256:RC4-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!DH SSLHonorCipherOrder on SSLCertificateFile /etc/ssl/certs/noc.wikimedia.org.pem SSLCertificateKeyFile /etc/ssl/private/noc.wikimedia.org.key -- To view, visit https://gerrit.wikimedia.org/r/147123 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: Ie4910dcb158157db6f05c2d3917ade7deb3f75ba Gerrit-PatchSet: 1 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: Chmarkine ___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
