BBlack has submitted this change and it was merged.

Change subject: ciphersuite: remove chapoly draft-mode ciphers
......................................................................


ciphersuite: remove chapoly draft-mode ciphers

These will go away implicitly when we switch to openssl-1.1.0, so
we should make this transition first if we can to separate the
effects we see in graphs.

Currently ~3.8% of clients are using this.  That number has been
on the decline, and those clients should revert to the same strong
(but slower, for them) AES-GCM options they had before we deployed
the chapoly patches.  The clients can fix this on their own by
upgrading Chrome.  Some percentage is coming from a Google Search
App on iOS that has yet to see an RFC chapoly release, but I don't
think we care much about it in the net.

Change-Id: Id7b7bb38b2e55df17e1a1c7f942e693535ce00dd
---
M modules/wmflib/lib/puppet/parser/functions/ssl_ciphersuite.rb
1 file changed, 0 insertions(+), 2 deletions(-)

Approvals:
  BBlack: Verified; Looks good to me, approved



diff --git a/modules/wmflib/lib/puppet/parser/functions/ssl_ciphersuite.rb 
b/modules/wmflib/lib/puppet/parser/functions/ssl_ciphersuite.rb
index d8bad83..b690a17 100644
--- a/modules/wmflib/lib/puppet/parser/functions/ssl_ciphersuite.rb
+++ b/modules/wmflib/lib/puppet/parser/functions/ssl_ciphersuite.rb
@@ -94,8 +94,6 @@
       '-ALL',
       'ECDHE-ECDSA-CHACHA20-POLY1305',   # openssl-1.1.0, 1.0.2+cloudflare
       'ECDHE-RSA-CHACHA20-POLY1305',     # openssl-1.1.0, 1.0.2+cloudflare
-      'ECDHE-ECDSA-CHACHA20-POLY1305-D', # 1.0.2+cloudflare
-      'ECDHE-RSA-CHACHA20-POLY1305-D',   # 1.0.2+cloudflare
       'ECDHE-ECDSA-AES128-GCM-SHA256',
       'ECDHE-ECDSA-AES256-GCM-SHA384',
       'ECDHE-RSA-AES128-GCM-SHA256',

-- 
To view, visit https://gerrit.wikimedia.org/r/311700
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: Id7b7bb38b2e55df17e1a1c7f942e693535ce00dd
Gerrit-PatchSet: 3
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: BBlack <bbl...@wikimedia.org>
Gerrit-Reviewer: BBlack <bbl...@wikimedia.org>
Gerrit-Reviewer: jenkins-bot <>

_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

Reply via email to