Dzahn has submitted this change and it was merged.
Change subject: dynamicproxy - disable SSLv3
......................................................................
dynamicproxy - disable SSLv3
Change-Id: I77191afc8046c3cd2fefee7e8a32657f45537d68
---
M modules/dynamicproxy/templates/urlproxy.conf
1 file changed, 2 insertions(+), 2 deletions(-)
Approvals:
JanZerebecki: Looks good to me, but someone else must approve
John F. Lewis: Looks good to me, but someone else must approve
jenkins-bot: Verified
Dzahn: Looks good to me, approved
diff --git a/modules/dynamicproxy/templates/urlproxy.conf
b/modules/dynamicproxy/templates/urlproxy.conf
index 45e1704..83ced67 100644
--- a/modules/dynamicproxy/templates/urlproxy.conf
+++ b/modules/dynamicproxy/templates/urlproxy.conf
@@ -45,8 +45,8 @@
# so we are allowing 200,000 active sessions.
ssl_session_cache shared:SSL:50m;
ssl_session_timeout 5m;
- # SSLv2 is insecure, only allow SSLv3 and TLSv1
- ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
+ # SSLv2 and v3 are insecure, only allow TLS
+ ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
# Limit ciphers allowed
# We strongly prefer forward-secret chiphers using ECDHE and GCM for
encrypting
# data, for performance reasons
--
To view, visit https://gerrit.wikimedia.org/r/169949
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: merged
Gerrit-Change-Id: I77191afc8046c3cd2fefee7e8a32657f45537d68
Gerrit-PatchSet: 2
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Dzahn <[email protected]>
Gerrit-Reviewer: Andrew Bogott <[email protected]>
Gerrit-Reviewer: Dzahn <[email protected]>
Gerrit-Reviewer: JanZerebecki <[email protected]>
Gerrit-Reviewer: John F. Lewis <[email protected]>
Gerrit-Reviewer: coren <[email protected]>
Gerrit-Reviewer: jenkins-bot <>
_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
