[MediaWiki-commits] [Gerrit] operations/puppet[production]: ciphersuite: remove chapoly draft-mode ciphers

2016-09-20 Thread BBlack (Code Review)
BBlack has submitted this change and it was merged.

Change subject: ciphersuite: remove chapoly draft-mode ciphers
..


ciphersuite: remove chapoly draft-mode ciphers

These will go away implicitly when we switch to openssl-1.1.0, so
we should make this transition first if we can to separate the
effects we see in graphs.

Currently ~3.8% of clients are using this.  That number has been
on the decline, and those clients should revert to the same strong
(but slower, for them) AES-GCM options they had before we deployed
the chapoly patches.  The clients can fix this on their own by
upgrading Chrome.  Some percentage is coming from a Google Search
App on iOS that has yet to see an RFC chapoly release, but I don't
think we care much about it in the net.

Change-Id: Id7b7bb38b2e55df17e1a1c7f942e693535ce00dd
---
M modules/wmflib/lib/puppet/parser/functions/ssl_ciphersuite.rb
1 file changed, 0 insertions(+), 2 deletions(-)

Approvals:
  BBlack: Verified; Looks good to me, approved



diff --git a/modules/wmflib/lib/puppet/parser/functions/ssl_ciphersuite.rb 
b/modules/wmflib/lib/puppet/parser/functions/ssl_ciphersuite.rb
index d8bad83..b690a17 100644
--- a/modules/wmflib/lib/puppet/parser/functions/ssl_ciphersuite.rb
+++ b/modules/wmflib/lib/puppet/parser/functions/ssl_ciphersuite.rb
@@ -94,8 +94,6 @@
   '-ALL',
   'ECDHE-ECDSA-CHACHA20-POLY1305',   # openssl-1.1.0, 1.0.2+cloudflare
   'ECDHE-RSA-CHACHA20-POLY1305', # openssl-1.1.0, 1.0.2+cloudflare
-  'ECDHE-ECDSA-CHACHA20-POLY1305-D', # 1.0.2+cloudflare
-  'ECDHE-RSA-CHACHA20-POLY1305-D',   # 1.0.2+cloudflare
   'ECDHE-ECDSA-AES128-GCM-SHA256',
   'ECDHE-ECDSA-AES256-GCM-SHA384',
   'ECDHE-RSA-AES128-GCM-SHA256',
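Review bot: the two deleted `-D` entries leave no trace in the file of why the draft-mode suites are gone, so the rationale now lives only in the commit message. Consider a one-line comment above the remaining `ECDHE-*-CHACHA20-POLY1305` entries saying that the draft (`-D`, 1.0.2+cloudflare only) variants were dropped deliberately ahead of the openssl-1.1.0 switch, so that nobody re-adds them while the 1.0.2+cloudflare build is still in use.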

-- 
To view, visit https://gerrit.wikimedia.org/r/311700
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: Id7b7bb38b2e55df17e1a1c7f942e693535ce00dd
Gerrit-PatchSet: 3
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: BBlack 
Gerrit-Reviewer: BBlack 
Gerrit-Reviewer: jenkins-bot <>

___
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits


[MediaWiki-commits] [Gerrit] operations/puppet[production]: ciphersuite: remove chapoly draft-mode ciphers

2016-09-20 Thread BBlack (Code Review)
BBlack has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/311700

Change subject: ciphersuite: remove chapoly draft-mode ciphers
..

ciphersuite: remove chapoly draft-mode ciphers

These will go away implicitly when we switch to openssl-1.1.0, so
we should make this transition first if we can to separate the
effects we see in graphs.

Currently ~3.8% of clients are using this.  That number has been
on the decline, and those clients should revert to the same strong
(but slower, for them) AES-GCM options they had before we deployed
the chapoly patches.  The clients can fix this on their own by
upgrading Chrome.  Some percentage is coming from a Google Search
App on iOS that has yet to see an RFC chapoly release, but I don't
think we care much about it in the net.

Change-Id: Id7b7bb38b2e55df17e1a1c7f942e693535ce00dd
---
M modules/wmflib/lib/puppet/parser/functions/ssl_ciphersuite.rb
1 file changed, 0 insertions(+), 2 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/operations/puppet refs/changes/00/311700/1

diff --git a/modules/wmflib/lib/puppet/parser/functions/ssl_ciphersuite.rb 
b/modules/wmflib/lib/puppet/parser/functions/ssl_ciphersuite.rb
index d8bad83..b690a17 100644
--- a/modules/wmflib/lib/puppet/parser/functions/ssl_ciphersuite.rb
+++ b/modules/wmflib/lib/puppet/parser/functions/ssl_ciphersuite.rb
@@ -94,8 +94,6 @@
   '-ALL',
   'ECDHE-ECDSA-CHACHA20-POLY1305',   # openssl-1.1.0, 1.0.2+cloudflare
   'ECDHE-RSA-CHACHA20-POLY1305', # openssl-1.1.0, 1.0.2+cloudflare
-  'ECDHE-ECDSA-CHACHA20-POLY1305-D', # 1.0.2+cloudflare
-  'ECDHE-RSA-CHACHA20-POLY1305-D',   # 1.0.2+cloudflare
   'ECDHE-ECDSA-AES128-GCM-SHA256',
   'ECDHE-ECDSA-AES256-GCM-SHA384',
   'ECDHE-RSA-AES128-GCM-SHA256',
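Review bot: with the `-D` lines removed, a draft-only client falls straight through the two RFC chapoly entries to `ECDHE-ECDSA-AES128-GCM-SHA256` and the AES-GCM entries after it, and nothing in the change checks that this is what actually happens. Since the commit message puts these clients at ~3.8%, it would be worth watching the negotiated-cipher split after deploy to confirm that share moves to AES-GCM rather than showing up as handshake failures. Minor style point: the trailing comment on the kept `'ECDHE-RSA-CHACHA20-POLY1305',` line is not aligned with the one on the line above it.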

-- 
To view, visit https://gerrit.wikimedia.org/r/311700
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: Id7b7bb38b2e55df17e1a1c7f942e693535ce00dd
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: BBlack 
