Ryan Lane has uploaded a new change for review.
https://gerrit.wikimedia.org/r/76556
Change subject: Enable tls1.1/1.2 for nginx
......................................................................
Enable tls1.1/1.2 for nginx
Change-Id: If6a97427092030e279f499263d50a13d275a4738
---
M templates/nginx/nginx.conf.erb
1 file changed, 1 insertion(+), 1 deletion(-)
git pull ssh://gerrit.wikimedia.org:29418/operations/puppet
refs/changes/56/76556/1
diff --git a/templates/nginx/nginx.conf.erb b/templates/nginx/nginx.conf.erb
index f380d81..9dc7d18 100644
--- a/templates/nginx/nginx.conf.erb
+++ b/templates/nginx/nginx.conf.erb
@@ -62,7 +62,7 @@
# so we are allowing 200,000 active sessions.
ssl_session_cache shared:SSL:50m;
# SSLv2 is insecure, only allow SSLv3 and TLSv1
- ssl_protocols SSLv3 TLSv1;
+ ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
# Limit ciphers allowed
ssl_ciphers RC4-SHA:RC4-MD5:DES-CBC3-SHA:AES128-SHA:AES256-SHA;
# Prefer server ciphers (Prefer RC4 first to combat BEAST)
--
To view, visit https://gerrit.wikimedia.org/r/76556
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: If6a97427092030e279f499263d50a13d275a4738
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Ryan Lane <[email protected]>
_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
