This is an automated email from the ASF dual-hosted git repository.

lfrolov pushed a commit to branch develop
in repository https://gitbox.apache.org/repos/asf/incubator-datalab.git


The following commit(s) were added to refs/heads/develop by this push:
     new 5c6646f        modified:   
infrastructure-provisioning/scripts/deploy_repository/templates/nexus.conf  
modified:   infrastructure-provisioning/src/project/templates/conf.d/proxy.conf 
        modified:   
infrastructure-provisioning/src/ssn/templates/nginx_proxy.conf - got rid TLS 
1.0, 1.1. Added TLS 1.3; - got rid "DES"-method in ssl_ciphers line; - 
commented 'ssl on'.
     new 6319802  Merge pull request #1383 from roolrd/DATALAB-2661
5c6646f is described below

commit 5c6646f9370b349fbc70163d9cfd814943eaccab
Author: Ruslan Riznyk <[email protected]>
AuthorDate: Thu Jan 6 13:02:08 2022 +0200

        modified:   
infrastructure-provisioning/scripts/deploy_repository/templates/nexus.conf
        modified:   
infrastructure-provisioning/src/project/templates/conf.d/proxy.conf
        modified:   
infrastructure-provisioning/src/ssn/templates/nginx_proxy.conf
    - got rid of TLS 1.0 and 1.1, added TLS 1.3;
    - got rid of the "DES" method in the ssl_ciphers line;
    - commented out 'ssl on'.
---
 .../scripts/deploy_repository/templates/nexus.conf                  | 4 ++--
 infrastructure-provisioning/src/project/templates/conf.d/proxy.conf | 6 +++---
 infrastructure-provisioning/src/ssn/templates/nginx_proxy.conf      | 6 +++---
 3 files changed, 8 insertions(+), 8 deletions(-)

diff --git 
a/infrastructure-provisioning/scripts/deploy_repository/templates/nexus.conf 
b/infrastructure-provisioning/scripts/deploy_repository/templates/nexus.conf
index a4201d2..f48079c 100644
--- a/infrastructure-provisioning/scripts/deploy_repository/templates/nexus.conf
+++ b/infrastructure-provisioning/scripts/deploy_repository/templates/nexus.conf
@@ -61,8 +61,8 @@ server {
     ssl_session_timeout 1d;
     ssl_session_cache shared:SSL:50m;
     ssl_session_tickets off;
-    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
-    ssl_ciphers 
'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA25
 [...]
+    ssl_protocols TLSv1.2 TLSv1.3;
+    ssl_ciphers 
'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA25
 [...]
     ssl_prefer_server_ciphers on;
     ssl_dhparam /etc/ssl/certs/dhparam.pem;
 
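Review bot: The new `ssl_ciphers` value in nexus.conf still lists CBC suites with SHA-1 MACs (`ECDHE-RSA-AES128-SHA`, `ECDHE-RSA-AES256-SHA`, `DHE-RSA-AES128-SHA` and others). With TLS 1.0/1.1 removed, practically every remaining client can use the AEAD entries at the head of the list, so the string can be cut down to the GCM and CHACHA20-POLY1305 suites. The line is truncated on this page (`[...]`), so the removal of the DES entries cannot be confirmed from here and should be checked against the rendered template. `ssl_ciphers` governs only TLS 1.2 and below, and `TLSv1.3` needs nginx 1.13.0+ built against OpenSSL 1.1.1+, so a comment above `ssl_protocols` such as `# TLSv1.3 requires nginx >= 1.13.0 with OpenSSL >= 1.1.1` would record that minimum. The same cipher string appears in the proxy.conf and nginx_proxy.conf hunks.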
diff --git 
a/infrastructure-provisioning/src/project/templates/conf.d/proxy.conf 
b/infrastructure-provisioning/src/project/templates/conf.d/proxy.conf
index c9ce32b..2f7d5aa 100644
--- a/infrastructure-provisioning/src/project/templates/conf.d/proxy.conf
+++ b/infrastructure-provisioning/src/project/templates/conf.d/proxy.conf
@@ -33,12 +33,12 @@ server {
     }
     # SSL section
     proxy_buffering off;
-    ssl on;
+    # ssl on;
     ssl_certificate /etc/ssl/certs/datalab.crt;
     ssl_certificate_key /etc/ssl/certs/datalab.key;
     ssl_session_timeout 5m;
-    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
-    ssl_ciphers 
'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA25
 [...]
+    ssl_protocols TLSv1.2 TLSv1.3;
+    ssl_ciphers 
'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA25
 [...]
     ssl_prefer_server_ciphers on;
     # ssl_dhparam /etc/ssl/certs/dhparam.pem;
 
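Review bot: Commenting out `ssl on;` leaves TLS enabled for this server block only if its `listen` directive carries the `ssl` parameter, and that directive is outside the hunk (the `server` block opens above the first line shown). If the listen line names a bare port, nginx would answer in plaintext on it and the certificate and protocol settings below would go unused, so confirm it reads `listen <port> ssl;`. The `ssl` directive has been deprecated since nginx 1.15.0, so deleting the line is cleaner than keeping `# ssl on;`; if a marker is wanted, use `# TLS is enabled by the ssl parameter on listen`. The nginx_proxy.conf hunk makes the same change and needs the same check.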
diff --git a/infrastructure-provisioning/src/ssn/templates/nginx_proxy.conf 
b/infrastructure-provisioning/src/ssn/templates/nginx_proxy.conf
index 1fda167..bf7c970 100644
--- a/infrastructure-provisioning/src/ssn/templates/nginx_proxy.conf
+++ b/infrastructure-provisioning/src/ssn/templates/nginx_proxy.conf
@@ -36,12 +36,12 @@ server {
     }
     # SSL section
     proxy_buffering off;
-    ssl on;
+    # ssl on;
     ssl_certificate /etc/ssl/certs/datalab.crt;
     ssl_certificate_key /etc/ssl/certs/datalab.key;
     ssl_session_timeout 5m;
-    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
-    ssl_ciphers 
'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA25
 [...]
+    ssl_protocols TLSv1.2 TLSv1.3;
+    ssl_ciphers 
'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA25
 [...]
     ssl_prefer_server_ciphers on;
     # ssl_dhparam /etc/ssl/certs/dhparam.pem;
 
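Review bot: `ssl_dhparam` stays commented out in the context line below the new `ssl_ciphers`, yet the cipher string keeps `DHE-RSA-*` entries such as `DHE-RSA-AES128-GCM-SHA256` and `DHE-RSA-AES256-GCM-SHA384`. nginx 1.11.0 and later does not offer DHE suites when no `ssl_dhparam` file is configured, so these entries are likely dead in this template. In nexus.conf, by contrast, `ssl_dhparam /etc/ssl/certs/dhparam.pem;` is active. Either drop the DHE entries here or enable `ssl_dhparam` with a group of at least 2048 bits; the proxy.conf hunk has the same mismatch.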
