Page MenuHomePhabricator
Create Task
Maniphest T307510

Update tls proxy config for Bullseye
Closed, ResolvedPublic
Actions

Description

The version of nginx that ships with Bullseye does not support the $ssl_ecdhe_curve directive.

As the Swift team did, we need to update our puppet code to disable this directive on Bullseye hosts.

Details

SubjectRepoBranchLines +/-
tlsproxy: manage ssl_ecdhe_curve internallyoperations/puppetproduction+23 -52
elastic: enable/disable ssl_ecdhe_curve based on OS versionoperations/puppetproduction+49 -31
Customize query in gerrit

Related Objects
Search...

Event Timeline

bking created this task.May 3 2022, 9:05 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptMay 3 2022, 9:05 PM
bking added a parent task: T299797: Deploy new bullseye elastic cluster nodes on deployment-prep.May 3 2022, 9:05 PM
gerritbot added a comment.May 3 2022, 10:20 PM

Change 788815 had a related patch set uploaded (by Bking; author: Bking):

[operations/puppet@production] elastic: enable/disable ssl_ecdhe_curve based on OS version

https://gerrit.wikimedia.org/r/788815

gerritbot added a project: Patch-For-Review.May 3 2022, 10:20 PM
gerritbot added a comment.May 5 2022, 8:23 AM

Change 789559 had a related patch set uploaded (by Gehel; author: Gehel):

[operations/puppet@production] tlsproxy: manage ssl_ecdhe_curve internally

https://gerrit.wikimedia.org/r/789559

gerritbot added a comment.May 5 2022, 2:22 PM

Change 788815 merged by Bking:

[operations/puppet@production] elastic: enable/disable ssl_ecdhe_curve based on OS version

https://gerrit.wikimedia.org/r/788815

Gehel closed this task as Resolved.Jul 20 2022, 3:06 PM
gerritbot added a comment.Feb 23 2024, 3:41 PM

Change 789559 abandoned by Gehel:

[operations/puppet@production] tlsproxy: manage ssl_ecdhe_curve internally

Reason:

we don't support stretch anymore

https://gerrit.wikimedia.org/r/789559

Maintenance_bot removed a project: Patch-For-Review.Feb 23 2024, 4:30 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL