FIX Freeze break request: adding cipher to dl*.fedoraproject.org for BFO
Pierre-Yves Chibon
pingou at pingoured.fr
Fri Nov 21 06:39:41 UTC 2014
On Thu, Nov 20, 2014 at 11:10:07PM -0500, Patrick Uiterwijk wrote:
> Hi,
>
> Sorry for the mistake in the previous one: I had specified the name of the cipher, which is not the same as the OpenSSL cipher spec.
> Here another patch that does the same but now actually uses the correct cipher spec (and so works).
> The only change wrt the previous patch is that the cipher name (TLS_RSA_WITH_AES_256_CBC_SHA) has been replaced with the cipher spec (AES256-SHA).
>
>
> From 1833afa7dd674059a1d1e250a9924315bece044f Mon Sep 17 00:00:00 2001
> From: Patrick Uiterwijk <puiterwijk at redhat.com>
> Date: Fri, 21 Nov 2014 04:05:54 +0000
> Subject: [PATCH] Now really enable the correct cipher.
>
> OpenSSL AES256-SHA = TLS_RSA_WITH_AES_256_CBC_SHA
> ---
> .../download/files/httpd/dl.fedoraproject.org.conf | 2 +-
> 1 files changed, 1 insertions(+), 1 deletions(-)
>
> diff --git a/roles/download/files/httpd/dl.fedoraproject.org.conf b/roles/download/files/httpd/dl.fedoraproject.org.conf
> index 7be586c..aaa3872 100644
> --- a/roles/download/files/httpd/dl.fedoraproject.org.conf
> +++ b/roles/download/files/httpd/dl.fedoraproject.org.conf
> @@ -25,7 +25,7 @@
> # modules/squid/files/squid.conf-el6 too, to keep it in sync.
>
> SSLProtocol -All +TLSv1 +TLSv1.1 +TLSv1.2
> - SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK
> + SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK
>
> Include "conf.d/dl.fedoraproject.org/*.conf"
> </VirtualHost>
> --
+1
Pierre
More information about the infrastructure
mailing list