BBlack has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/316891

Change subject: ssl_ciphersuite: switch AES bits order for GCM
......................................................................

ssl_ciphersuite: switch AES bits order for GCM

Bug: T144626
Change-Id: I1c56988937676357d8e312dc83ce3ba6c004f8d4
---
M modules/wmflib/lib/puppet/parser/functions/ssl_ciphersuite.rb
1 file changed, 3 insertions(+), 3 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/operations/puppet refs/changes/91/316891/1

diff --git a/modules/wmflib/lib/puppet/parser/functions/ssl_ciphersuite.rb 
b/modules/wmflib/lib/puppet/parser/functions/ssl_ciphersuite.rb
index 63663cb..6143766 100644
--- a/modules/wmflib/lib/puppet/parser/functions/ssl_ciphersuite.rb
+++ b/modules/wmflib/lib/puppet/parser/functions/ssl_ciphersuite.rb
@@ -69,7 +69,7 @@
   # 2) Mac:  AEAD > ALL       (AES-GCM/CHAPOLY > Others)
   # 3) Enc:  CHAPOLY > AESGCM (Old client perf, sec)
   # 4) Kx:   ECDHE > DHE      (Perf, mostly)
-  # 5) Enc:  AES128 > AES256  (Perf, mostly - debateable...)
+  # 5) Enc:  AES256 > AES128  (sec)
   # 6) Auth: ECDSA > RSA      (Perf, mostly)
   #
   # After all of that, the fullest list of reasonably-acceptable mid/compat
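Review bot: The rule 5 comment now states "AES256 > AES128" as a general preference, but the change subject scopes the reorder to GCM only. If the non-AEAD lists further down keep a 128-first order, the comment should say so, for example "AES256 > AES128 (sec, GCM only)"; otherwise those lists need the same reorder in this change. The rationale "(sec)" is also much thinner than the old "Perf, mostly - debateable..." note. A short phrase on what security property motivates the switch, or a pointer to T144626, would let a later reader judge the trade-off without digging through the task.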
@@ -91,10 +91,10 @@
       '-ALL',
       'ECDHE-ECDSA-CHACHA20-POLY1305',   # openssl-1.1.0, 1.0.2+cloudflare
       'ECDHE-RSA-CHACHA20-POLY1305',     # openssl-1.1.0, 1.0.2+cloudflare
-      'ECDHE-ECDSA-AES128-GCM-SHA256',
-      'ECDHE-RSA-AES128-GCM-SHA256',
       'ECDHE-ECDSA-AES256-GCM-SHA384',
       'ECDHE-RSA-AES256-GCM-SHA384',
+      'ECDHE-ECDSA-AES128-GCM-SHA256',
+      'ECDHE-RSA-AES128-GCM-SHA256',
       'DHE-RSA-AES128-GCM-SHA256',
     ],
     # Forward-Secret, but not AEAD
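Review bot: After the reorder, the last entry of this list is still 'DHE-RSA-AES128-GCM-SHA256' with no AES256 DHE counterpart visible in the hunk, so the DHE fallback does not follow the new rule 5 preference. If leaving out a DHE AES256-GCM suite is deliberate, a trailing comment on that line would make it clear; if not, it should be added ahead of the AES128 entry. The resulting order (CHACHA20, then ECDHE AES256-GCM, then ECDHE AES128-GCM, then DHE) is otherwise consistent with rules 3 through 6 as listed in the header comment, with ECDSA ahead of RSA inside each pair.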

-- 
To view, visit https://gerrit.wikimedia.org/r/316891
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I1c56988937676357d8e312dc83ce3ba6c004f8d4
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: BBlack <bbl...@wikimedia.org>

_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
