Dzahn has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/153971

Change subject: webserver - use ssl_ciphersuite in generic_vhost
......................................................................

webserver - use ssl_ciphersuite in generic_vhost

use ssl_ciphersuite in generic_vhost.erb
rather than setting cipher settings in each module
individually

Change-Id: I2de1a07139db60cbcbc6956069e073f16355b903
---
M manifests/webserver.pp
M templates/apache/generic_vhost.erb
2 files changed, 3 insertions(+), 3 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/operations/puppet refs/changes/71/153971/1

diff --git a/manifests/webserver.pp b/manifests/webserver.pp
index 3e9cca3..720440a 100644
--- a/manifests/webserver.pp
+++ b/manifests/webserver.pp
@@ -145,6 +145,8 @@
         $ensure       = 'present',
         ) {
 
+        $ssl_settings = ssl_ciphersuite('apache-2.2', 'compat')
+
         file { "/etc/apache2/sites-enabled/${title}":
             notify  => Service['apache2'],
             owner   => 'root',
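Review bot: the `ssl_ciphersuite('apache-2.2', 'compat')` call added at the top of the resource body hard-codes both the server flavour and the compatibility level, so every vhost created through this code path gets the same policy and a caller cannot opt into a stricter one. Consider exposing the compatibility level as a parameter that defaults to 'compat'. A short comment saying that `$ssl_settings` is consumed by generic_vhost.erb would also help, since nothing in this file shows where the variable is used.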
diff --git a/templates/apache/generic_vhost.erb 
b/templates/apache/generic_vhost.erb
index 9a581d5..3d60121 100644
--- a/templates/apache/generic_vhost.erb
+++ b/templates/apache/generic_vhost.erb
@@ -58,12 +58,10 @@
     ServerAdmin <%= @server_admin %>
 
     SSLEngine on
-    SSLProtocol +ALL -SSLv2
-    SSLCipherSuite 
ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:ECDHE-RSA-RC4-SHA:ECDHE-ECDSA-RC4-SHA:AES128:AES256:RC4-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!DH
-    SSLHonorCipherOrder on
     SSLCertificateFile <%= @certfile %>
     SSLCertificateKeyFile <%= @certkey %>
     SSLCACertificatePath /etc/ssl/certs
+    $ssl_settings = ssl_ciphersuite('apache-2.2', 'compat')
 
 <% if @docroot -%>
     DocumentRoot <%= @docroot %>
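Review bot: the added line `$ssl_settings = ssl_ciphersuite('apache-2.2', 'compat')` after SSLCACertificatePath is Puppet manifest syntax sitting in the template outside any ERB tag, so it will be written verbatim into the rendered vhost file, where Apache will not accept it as a directive. The manifest already assigns $ssl_settings, so the template should output that variable through an ERB tag (for example `<%= @ssl_settings %>`, formatted to match whatever ssl_ciphersuite returns) rather than repeat the assignment. The same hunk removes SSLProtocol, SSLCipherSuite and SSLHonorCipherOrder, so as written none of the three is set for the vhost; once the value is rendered, please confirm that it covers all three directives, including the SSLv2 exclusion that the removed SSLProtocol line provided.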

-- 
To view, visit https://gerrit.wikimedia.org/r/153971
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I2de1a07139db60cbcbc6956069e073f16355b903
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Dzahn <[email protected]>

_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits