Hi,
Sorry for the mistake in the previous one: I had specified the name of the cipher, which
is not the same as the OpenSSL cipher spec.
Here is another patch that does the same but now actually uses the correct cipher spec (and
so works).
The only change wrt the previous patch is that the cipher name
(TLS_RSA_WITH_AES_256_CBC_SHA) has been replaced with the cipher spec (AES256-SHA).
From 1833afa7dd674059a1d1e250a9924315bece044f Mon Sep 17 00:00:00 2001
From: Patrick Uiterwijk <puiterwijk(a)redhat.com>
Date: Fri, 21 Nov 2014 04:05:54 +0000
Subject: [PATCH] Now really enable the correct cipher.
OpenSSL AES256-SHA = TLS_RSA_WITH_AES_256_CBC_SHA
---
.../download/files/httpd/dl.fedoraproject.org.conf | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/roles/download/files/httpd/dl.fedoraproject.org.conf
b/roles/download/files/httpd/dl.fedoraproject.org.conf
index 7be586c..aaa3872 100644
--- a/roles/download/files/httpd/dl.fedoraproject.org.conf
+++ b/roles/download/files/httpd/dl.fedoraproject.org.conf
@@ -25,7 +25,7 @@
# modules/squid/files/squid.conf-el6 too, to keep it in sync.
SSLProtocol -All +TLSv1 +TLSv1.1 +TLSv1.2
- SSLCipherSuite
ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK
+ SSLCipherSuite
ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK
Include "conf.d/dl.fedoraproject.org/*.conf"
</VirtualHost>
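Review bot: the context comment at the top of this hunk says the cipher list must be kept in sync with modules/squid/files/squid.conf-el6, but the diffstat shows only dl.fedoraproject.org.conf changed, so the squid config should get the same AES256-SHA entry in this patch or a follow-up. Separately, AES256-SHA uses static RSA key exchange and gives no forward secrecy; placing it after DHE-RSA-AES256-SHA makes it a last-resort fallback only if the server's order is enforced, and no SSLHonorCipherOrder line is visible in this hunk, so it is worth confirming that it is set to on for this vhost. A short comment above SSLCipherSuite saying the entry is there for boot.fedoraproject.org would also keep it from being removed in a later cleanup.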
--
1.7.2.1
With kind regards,
Patrick Uiterwijk
Associate Software Engineer, Red Hat
----- Original Message -----
On Thu, Nov 20, 2014 at 04:17:50PM -0500, Patrick Uiterwijk wrote:
> Hi all,
>
> Since boot.fedoraproject.org does not support (EC)DHE_ ciphers, the
> attached patch will add support for RSA_WITH_AES_256_CBC_SHA256 to
> dl*.fedoraproject.org.
> Please +1 or -2?
>
+1
-Toshio