Ryan Lane has submitted this change and it was merged.
Change subject: Enable tls1.1/1.2 for nginx
......................................................................
Enable tls1.1/1.2 for nginx
Change-Id: If6a97427092030e279f499263d50a13d275a4738
---
M templates/nginx/nginx.conf.erb
1 file changed, 1 insertion(+), 1 deletion(-)
Approvals:
Ryan Lane: Looks good to me, approved
jenkins-bot: Verified
diff --git a/templates/nginx/nginx.conf.erb b/templates/nginx/nginx.conf.erb
index f380d81..9dc7d18 100644
--- a/templates/nginx/nginx.conf.erb
+++ b/templates/nginx/nginx.conf.erb
@@ -62,7 +62,7 @@
# so we are allowing 200,000 active sessions.
ssl_session_cache shared:SSL:50m;
# SSLv2 is insecure, only allow SSLv3 and TLSv1
- ssl_protocols SSLv3 TLSv1;
+ ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
# Limit ciphers allowed
ssl_ciphers RC4-SHA:RC4-MD5:DES-CBC3-SHA:AES128-SHA:AES256-SHA;
# Prefer server ciphers (Prefer RC4 first to combat BEAST)
--
To view, visit https://gerrit.wikimedia.org/r/76556
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: merged
Gerrit-Change-Id: If6a97427092030e279f499263d50a13d275a4738
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Ryan Lane <[email protected]>
Gerrit-Reviewer: Ryan Lane <[email protected]>
Gerrit-Reviewer: jenkins-bot
_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
