BBlack has submitted this change and it was merged. Change subject: ssl_ciphersuite: remove less-popular 3DES options ......................................................................
ssl_ciphersuite: remove less-popular 3DES options At the time these were first added, they were considered "better than nothing" in an effort to increase forward secrecy. In practice they're statistically-useless, so in the post-SWEET32 world we should remove them completely. Change-Id: I9d3433b5317e531cfaa760c7da06bcdd1df08a8b --- M modules/wmflib/lib/puppet/parser/functions/ssl_ciphersuite.rb 1 file changed, 0 insertions(+), 5 deletions(-) Approvals: BBlack: Verified; Looks good to me, approved diff --git a/modules/wmflib/lib/puppet/parser/functions/ssl_ciphersuite.rb b/modules/wmflib/lib/puppet/parser/functions/ssl_ciphersuite.rb index a339f9f..34a93bb 100644 --- a/modules/wmflib/lib/puppet/parser/functions/ssl_ciphersuite.rb +++ b/modules/wmflib/lib/puppet/parser/functions/ssl_ciphersuite.rb @@ -111,11 +111,6 @@ # not-forward-secret compat for ancient stuff 'compat' => [ 'AES128-SHA', # Mostly evil proxies, also ancient devices - # These 4 are forward-secret, but 3DES is borked now - 'ECDHE-ECDSA-DES-CBC3-SHA', - 'ECDHE-RSA-DES-CBC3-SHA', - 'DHE-RSA-DES-CBC3-SHA', # openssl-1.1.0 - 'EDH-RSA-DES-CBC3-SHA', # pre-1.1.0 name for the above 'DES-CBC3-SHA', # Mostly IE7-8 on XP, also ancient devices ], } -- To view, visit https://gerrit.wikimedia.org/r/308279 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: merged Gerrit-Change-Id: I9d3433b5317e531cfaa760c7da06bcdd1df08a8b Gerrit-PatchSet: 1 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: BBlack <bbl...@wikimedia.org> Gerrit-Reviewer: BBlack <bbl...@wikimedia.org> _______________________________________________ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits