[MediaWiki-commits] [Gerrit] svn -- update cipher suite list to support PFS - change (operations/puppet)

Wed, 23 Jul 2014 04:58:28 -0700 

Alexandros Kosiaris has submitted this change and it was merged.

Change subject: svn -- update cipher suite list to support PFS
......................................................................


svn -- update cipher suite list to support PFS

This patch changes cipher suite list for svn.wikimedia.org
to support Forward Secrecy.

Bug: 53259

Change-Id: I130dd511ca2e92a5717573f00df1ceaa01a94d52
---
M modules/subversion/files/apache/svn.wikimedia.org
1 file changed, 2 insertions(+), 2 deletions(-)

Approvals:
  Alexandros Kosiaris: Verified; Looks good to me, approved
  jenkins-bot: Checked



diff --git a/modules/subversion/files/apache/svn.wikimedia.org 
b/modules/subversion/files/apache/svn.wikimedia.org
index 3687cbb..90795e5 100644
--- a/modules/subversion/files/apache/svn.wikimedia.org
+++ b/modules/subversion/files/apache/svn.wikimedia.org
@@ -50,8 +50,8 @@
        DocumentRoot /srv/org/wikimedia/svn
 
        SSLEngine on
-       SSLProtocol -ALL +SSLv3 +TLSv1
-       SSLCipherSuite 
AES128-GCM-SHA256:RC4-SHA:RC4-MD5:DES-CBC3-SHA:AES128-SHA:AES256-SHA
+       SSLProtocol +ALL -SSLv2
+       SSLCipherSuite 
ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:ECDHE-RSA-RC4-SHA:ECDHE-ECDSA-RC4-SHA:AES128:AES256:RC4-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!DH
        SSLHonorCipherOrder on
        SSLCertificateFile /etc/ssl/certs/svn.wikimedia.org.pem
        SSLCertificateKeyFile /etc/ssl/private/svn.wikimedia.org.key

-- 
To view, visit https://gerrit.wikimedia.org/r/148631
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: I130dd511ca2e92a5717573f00df1ceaa01a94d52
Gerrit-PatchSet: 2
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Chmarkine <[email protected]>
Gerrit-Reviewer: Alexandros Kosiaris <[email protected]>
Gerrit-Reviewer: Dzahn <[email protected]>
Gerrit-Reviewer: JanZerebecki <[email protected]>
Gerrit-Reviewer: Matanya <[email protected]>
Gerrit-Reviewer: jenkins-bot <>

_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

Reply via email to