Page MenuHomePhabricator

Disable TLSv1/TLSv1.1 on sites without caching layer
Open, MediumPublic

Description

Now that TLSv1/TLSv1.1 is getting deprecated/removed in our caching infrastructure as part of T238038, we should do the same with the services that provide their own TLS termination:

  • apt
  • archiva - no action needed
  • cloudelastic
  • dumps
  • gerrit
  • icinga - no action needed
  • cas-icinga - no action needed
  • idp
  • ldap
  • ldap-codfw1dev
  • ldap-labtest
  • librenms - no action needed
  • lists
  • mirrors
  • mx T203260
  • ncredir
  • netbox - no action needed
  • tendril - no action needed

Event Timeline

Restricted Application added a subscriber: Aklapper. · View Herald Transcript
Vgutierrez triaged this task as Medium priority.Nov 18 2019, 8:00 AM
Vgutierrez updated the task description. (Show Details)

Change 551396 had a related patch set uploaded (by Vgutierrez; owner: Vgutierrez):
[operations/puppet@production] ssl_ciphersuite: Allow TLSv1/TLSv1.1 in compat mode only

https://gerrit.wikimedia.org/r/551396

Change 551413 had a related patch set uploaded (by Vgutierrez; owner: Vgutierrez):
[operations/puppet@production] idp: Set SSL compatibilty mode to strong

https://gerrit.wikimedia.org/r/551413

Change 551413 merged by Vgutierrez:
[operations/puppet@production] idp: Set SSL compatibilty mode to strong

https://gerrit.wikimedia.org/r/551413

Change 551396 merged by Vgutierrez:
[operations/puppet@production] ssl_ciphersuite: Allow TLSv1/TLSv1.1 in compat mode only

https://gerrit.wikimedia.org/r/551396

Change 565316 had a related patch set uploaded (by Vgutierrez; owner: Vgutierrez):
[operations/puppet@production] ncredir: Remove TLSv1.0 && TLSv1.1 support

https://gerrit.wikimedia.org/r/565316

Change 565316 merged by Vgutierrez:
[operations/puppet@production] ncredir: Remove TLSv1.0 && TLSv1.1 support

https://gerrit.wikimedia.org/r/565316