After gathering some batches of 10 minutes traffic we need to validate the data with a 24 hours capture of User Agents using the AES128-SHA ciphersuite
Description
Details
Status | Subtype | Assigned | Task | ||
---|---|---|---|---|---|
Resolved | BBlack | T118181 Planning for phasing out non-Forward-Secret TLS ciphers | |||
Resolved | Vgutierrez | T147202 Removing support for AES128-SHA TLS cipher | |||
Resolved | Vgutierrez | T192555 Begin execution of non-forward-secret ciphers deprecation | |||
Resolved | Vgutierrez | T193376 Gather 24h data cluster wide of AES128-SHA usage |
Event Timeline
Change 429810 had a related patch set uploaded (by Vgutierrez; owner: Vgutierrez):
[operations/puppet@production] varnishtlsinspector: send TLS connection details to logstash
Change 430593 had a related patch set uploaded (by Vgutierrez; owner: Vgutierrez):
[operations/puppet@production] varnishtlsinspector: send TLS connection details to logstash
Change 429810 abandoned by Vgutierrez:
varnishtlsinspector: send TLS connection details to logstash
Reason:
let's use the version that benefits from varnishlog refactor: https://gerrit.wikimedia.org/r/430593
Change 430593 merged by Vgutierrez:
[operations/puppet@production] varnishtlsinspector: send TLS connection details to logstash
Change 430600 had a related patch set uploaded (by Vgutierrez; owner: Vgutierrez):
[operations/puppet@production] varnishtlsinspector: fix class name (typo)
Change 430600 merged by Vgutierrez:
[operations/puppet@production] varnishtlsinspector: fix class name (typo)
Data is currently being gathered, it can be seen here: https://logstash.wikimedia.org/app/kibana#/discover/958769b0-4eef-11e8-8e04-89a38b6a810e?_g=()
Change 430911 had a related patch set uploaded (by Vgutierrez; owner: Vgutierrez):
[operations/puppet@production] varnishtlsinspector: Stop collecting TLS data
Change 430911 merged by Vgutierrez:
[operations/puppet@production] varnishtlsinspector: Stop collecting TLS data