FIX Freeze break request: adding cipher to dl*.fedoraproject.org for BFO

Pierre-Yves Chibon pingou at pingoured.fr
Fri Nov 21 06:39:41 UTC 2014


On Thu, Nov 20, 2014 at 11:10:07PM -0500, Patrick Uiterwijk wrote:
> Hi,
> 
> Sorry for the mistake in the previous one: I had specified the name of the cipher, which is not the same as the OpenSSL cipher spec.
> Here is another patch that does the same but now actually uses the correct cipher spec (and so works).
> The only change wrt the previous patch is that the cipher name (TLS_RSA_WITH_AES_256_CBC_SHA) has been replaced with the cipher spec (AES256-SHA).
> 
> 
> From 1833afa7dd674059a1d1e250a9924315bece044f Mon Sep 17 00:00:00 2001
> From: Patrick Uiterwijk <puiterwijk at redhat.com>
> Date: Fri, 21 Nov 2014 04:05:54 +0000
> Subject: [PATCH] Now really enable the correct cipher.
> 
> OpenSSL AES256-SHA = TLS_RSA_WITH_AES_256_CBC_SHA
> ---
>  .../download/files/httpd/dl.fedoraproject.org.conf |    2 +-
>  1 files changed, 1 insertions(+), 1 deletions(-)
> 
> diff --git a/roles/download/files/httpd/dl.fedoraproject.org.conf b/roles/download/files/httpd/dl.fedoraproject.org.conf
> index 7be586c..aaa3872 100644
> --- a/roles/download/files/httpd/dl.fedoraproject.org.conf
> +++ b/roles/download/files/httpd/dl.fedoraproject.org.conf
> @@ -25,7 +25,7 @@
>    # modules/squid/files/squid.conf-el6 too, to keep it in sync.
> 
>     SSLProtocol -All +TLSv1 +TLSv1.1 +TLSv1.2
> -   SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK
> +   SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK
> 
>    Include "conf.d/dl.fedoraproject.org/*.conf"
>  </VirtualHost>
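
Review bot: The comment in the first context line of this hunk says the cipher list has to be kept in sync with modules/squid/files/squid.conf-el6, but the diffstat shows only dl.fedoraproject.org.conf changed; either carry the same AES256-SHA addition over to that file or say in the commit message why it is not needed there. Separately, on the added SSLCipherSuite line, AES256-SHA is the only entry without an ECDHE or DHE key exchange (the commit message maps it to TLS_RSA_WITH_AES_256_CBC_SHA), so sessions that negotiate it have no forward secrecy. A one-line comment above the directive stating that it is there for BFO, and that it can be dropped once BFO no longer needs it, would keep it from becoming permanent by accident.
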
> -- 

+1

Pierre

