[MediaWiki-commits] [Gerrit] blog -- update cipher suite list to support PFS - change (operations/puppet)

Sat, 19 Jul 2014 07:37:43 -0700 

Chmarkine has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/147739

Change subject: blog -- update cipher suite list to support PFS
......................................................................

blog -- update cipher suite list to support PFS

This patch changes cipher suite list for blog.wikimedia.org
to support Forward Secrecy.

Bug: 53259
Change-Id: I9fc796c6ba9dc99c3f16237bd29ee312a925edce
---
M files/apache/sites/blog.wikimedia.org
1 file changed, 2 insertions(+), 2 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/operations/puppet 
refs/changes/39/147739/1

diff --git a/files/apache/sites/blog.wikimedia.org 
b/files/apache/sites/blog.wikimedia.org
index fbafd6c..05737a2 100644
--- a/files/apache/sites/blog.wikimedia.org
+++ b/files/apache/sites/blog.wikimedia.org
@@ -58,8 +58,8 @@
        DocumentRoot /srv/org/wikimedia/blog/
 
         SSLEngine on
-        SSLProtocol -ALL +SSLv3 +TLSv1
-        SSLCipherSuite 
AES128-GCM-SHA256:RC4-SHA:RC4-MD5:DES-CBC3-SHA:AES128-SHA:AES256-SHA
+        SSLProtocol +ALL -SSLv2
+        SSLCipherSuite 
ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:ECDHE-RSA-RC4-SHA:ECDHE-ECDSA-RC4-SHA:AES128:AES256:RC4-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!DH
         SSLHonorCipherOrder on
         SSLCertificateFile /etc/ssl/certs/blog.wikimedia.org.pem
         SSLCertificateKeyFile /etc/ssl/private/blog.wikimedia.org.key

-- 
To view, visit https://gerrit.wikimedia.org/r/147739
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I9fc796c6ba9dc99c3f16237bd29ee312a925edce
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Chmarkine <chmark...@hotmail.com>

_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

Reply via email to