In an effort to increase security for our gitlab servers we have attempted to create proper cipher and protocol orders in NGINx through the gitlab.rb file in /etc/gitlab but these changes are not written to the /var/opt/gitlab/nginx/etc/gitlab-http.conf when doing a gitlab-ctl reconfigure. Specifically these configurations:
nginx['ssl_protocols'] = "SSLv3 TLSv1 TLSv1.1 TLSv1.2" nginx['ssl_ciphers'] = "ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS" nginx['ssl_session_timeout'] = "5m" We manually update the config file and restart nginx. Please ask for any additional details. -- You received this message because you are subscribed to the Google Groups "GitLab" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/gitlabhq/52cb8792-afe7-451f-bd67-b1f38d0e017e%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
