BBlack has submitted this change and it was merged.

Change subject: ssl_ciphersuite: add ECDHE+3DES options
......................................................................


ssl_ciphersuite: add ECDHE+3DES options

This adds two new cipher options for ECDHE-ECDSA and ECDHE-RSA
with 3DES as the cipher, appropriately sorted with the others by
existing rules (in the mid list since they're forward secret, and
above all DHE- options, but below the similar AES-based options).

No well-known / common clients would take this option that we're
aware of, but it makes logical sense to offer it in case of
strange corner-case clients we're not thinking of, which might
gain forward-secrecy and/or avoid DHE incompatibility through
using these options.  There are known common clients which
implement these choices, but they also implement slightly-better
choices that we'd still prefer over these.

Change-Id: I0dd877c3e790e9b8c26255efe4d4ce9afcee38e4
---
M modules/wmflib/lib/puppet/parser/functions/ssl_ciphersuite.rb
1 file changed, 3 insertions(+), 1 deletion(-)

Approvals:
  Chmarkine: Looks good to me, but someone else must approve
  JanZerebecki: Looks good to me, but someone else must approve
  BBlack: Looks good to me, approved
  jenkins-bot: Verified
  Dzahn: Looks good to me, but someone else must approve



diff --git a/modules/wmflib/lib/puppet/parser/functions/ssl_ciphersuite.rb 
b/modules/wmflib/lib/puppet/parser/functions/ssl_ciphersuite.rb
index 709e906..82293af 100644
--- a/modules/wmflib/lib/puppet/parser/functions/ssl_ciphersuite.rb
+++ b/modules/wmflib/lib/puppet/parser/functions/ssl_ciphersuite.rb
@@ -95,6 +95,8 @@
       'ECDHE-RSA-AES256-SHA384',
       'ECDHE-ECDSA-AES256-SHA',
       'ECDHE-RSA-AES256-SHA',
+      'ECDHE-ECDSA-DES-CBC3-SHA',
+      'ECDHE-RSA-DES-CBC3-SHA',
       'DHE-RSA-AES128-SHA256',
       'DHE-RSA-AES128-SHA',
       'DHE-RSA-AES256-SHA256',
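Review bot: The two added entries 'ECDHE-ECDSA-DES-CBC3-SHA' and 'ECDHE-RSA-DES-CBC3-SHA' carry no inline comment, unlike the plain 'DES-CBC3-SHA' entry further down, so the reason they exist lives only in the commit message. Since the commit message says no well-known client is expected to pick them, a short comment on these lines (for example, that they are kept for corner-case clients that would otherwise lose forward secrecy or hit DHE incompatibility) would tell whoever later retires 3DES that these two lines go with it. The placement itself, below the ECDHE AES entries and above 'DHE-RSA-AES128-SHA256', matches the ordering the commit message describes.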
@@ -110,7 +112,7 @@
       'AES128-SHA',
       'AES256-SHA256',
       'AES256-SHA',
-      'DES-CBC3-SHA', # Only for IE8/XP at this point, I think
+      'DES-CBC3-SHA', # Mostly IE7-8 on XP
     ],
   }
 
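Review bot: The reworded comment on 'DES-CBC3-SHA' is not mentioned in the commit message, which only covers the new ECDHE+3DES entries. "Mostly IE7-8 on XP" also implies there are other clients without naming them or saying where the observation comes from; consider adding a line to the commit message about the comment update and noting the source in the comment, so the basis for keeping this fallback can be rechecked later.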

-- 
To view, visit https://gerrit.wikimedia.org/r/249017
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: I0dd877c3e790e9b8c26255efe4d4ce9afcee38e4
Gerrit-PatchSet: 2
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: BBlack <[email protected]>
Gerrit-Reviewer: BBlack <[email protected]>
Gerrit-Reviewer: Chmarkine <[email protected]>
Gerrit-Reviewer: Dzahn <[email protected]>
Gerrit-Reviewer: Faidon Liambotis <[email protected]>
Gerrit-Reviewer: Giuseppe Lavagetto <[email protected]>
Gerrit-Reviewer: JanZerebecki <[email protected]>
Gerrit-Reviewer: jenkins-bot <>

_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
