[MediaWiki-commits] [Gerrit] operations/puppet[production]: ciphersuite: remove chapoly draft-mode ciphers
BBlack has submitted this change and it was merged. Change subject: ciphersuite: remove chapoly draft-mode ciphers .. ciphersuite: remove chapoly draft-mode ciphers These will go away implicitly when we switch to openssl-1.1.0, so we should make this transition first if we can to separate the effects we see in graphs. Currently ~3.8% of clients are using this. That number has been on the decline, and those clients should revert to the same strong (but slower, for them) AES-GCM options they had before we deployed the chapoly patches. The clients can fix this on their own by upgrading Chrome. Some percentage is coming from a Google Search App on iOS that has yet to see an RFC chapoly release, but I don't think we care much about it in the net. Change-Id: Id7b7bb38b2e55df17e1a1c7f942e693535ce00dd --- M modules/wmflib/lib/puppet/parser/functions/ssl_ciphersuite.rb 1 file changed, 0 insertions(+), 2 deletions(-) Approvals: BBlack: Verified; Looks good to me, approved diff --git a/modules/wmflib/lib/puppet/parser/functions/ssl_ciphersuite.rb b/modules/wmflib/lib/puppet/parser/functions/ssl_ciphersuite.rb index d8bad83..b690a17 100644 --- a/modules/wmflib/lib/puppet/parser/functions/ssl_ciphersuite.rb +++ b/modules/wmflib/lib/puppet/parser/functions/ssl_ciphersuite.rb @@ -94,8 +94,6 @@ '-ALL', 'ECDHE-ECDSA-CHACHA20-POLY1305', # openssl-1.1.0, 1.0.2+cloudflare 'ECDHE-RSA-CHACHA20-POLY1305', # openssl-1.1.0, 1.0.2+cloudflare - 'ECDHE-ECDSA-CHACHA20-POLY1305-D', # 1.0.2+cloudflare - 'ECDHE-RSA-CHACHA20-POLY1305-D', # 1.0.2+cloudflare 'ECDHE-ECDSA-AES128-GCM-SHA256', 'ECDHE-ECDSA-AES256-GCM-SHA384', 'ECDHE-RSA-AES128-GCM-SHA256', -- To view, visit https://gerrit.wikimedia.org/r/311700 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: merged Gerrit-Change-Id: Id7b7bb38b2e55df17e1a1c7f942e693535ce00dd Gerrit-PatchSet: 3 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: BBlackGerrit-Reviewer: BBlack Gerrit-Reviewer: jenkins-bot <> ___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
[MediaWiki-commits] [Gerrit] operations/puppet[production]: ciphersuite: remove chapoly draft-mode ciphers
BBlack has uploaded a new change for review. https://gerrit.wikimedia.org/r/311700 Change subject: ciphersuite: remove chapoly draft-mode ciphers .. ciphersuite: remove chapoly draft-mode ciphers These will go away implicitly when we switch to openssl-1.1.0, so we should make this transition first if we can to separate the effects we see in graphs. Currently ~3.8% of clients are using this. That number has been on the decline, and those clients should revert to the same strong (but slower, for them) AES-GCM options they had before we deployed the chapoly patches. The clients can fix this on their own by upgrading Chrome. Some percentage is coming from a Google Search App on iOS that has yet to see an RFC chapoly release, but I don't think we care much about it in the net. Change-Id: Id7b7bb38b2e55df17e1a1c7f942e693535ce00dd --- M modules/wmflib/lib/puppet/parser/functions/ssl_ciphersuite.rb 1 file changed, 0 insertions(+), 2 deletions(-) git pull ssh://gerrit.wikimedia.org:29418/operations/puppet refs/changes/00/311700/1 diff --git a/modules/wmflib/lib/puppet/parser/functions/ssl_ciphersuite.rb b/modules/wmflib/lib/puppet/parser/functions/ssl_ciphersuite.rb index d8bad83..b690a17 100644 --- a/modules/wmflib/lib/puppet/parser/functions/ssl_ciphersuite.rb +++ b/modules/wmflib/lib/puppet/parser/functions/ssl_ciphersuite.rb @@ -94,8 +94,6 @@ '-ALL', 'ECDHE-ECDSA-CHACHA20-POLY1305', # openssl-1.1.0, 1.0.2+cloudflare 'ECDHE-RSA-CHACHA20-POLY1305', # openssl-1.1.0, 1.0.2+cloudflare - 'ECDHE-ECDSA-CHACHA20-POLY1305-D', # 1.0.2+cloudflare - 'ECDHE-RSA-CHACHA20-POLY1305-D', # 1.0.2+cloudflare 'ECDHE-ECDSA-AES128-GCM-SHA256', 'ECDHE-ECDSA-AES256-GCM-SHA384', 'ECDHE-RSA-AES128-GCM-SHA256', -- To view, visit https://gerrit.wikimedia.org/r/311700 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: newchange Gerrit-Change-Id: Id7b7bb38b2e55df17e1a1c7f942e693535ce00dd Gerrit-PatchSet: 1 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: BBlack___ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits