Merge ~pjdc/ubuntu-mirror-charm/+git/ubuntu-mirror-charm:disable-old-tls-versions into ubuntu-mirror-charm:master

Proposed by Paul Collins
Status: Merged
Approved by: Haw Loeung
Approved revision: 3bd43030a7e74d27d7eff8cf0f32fa55564cd2e0
Merged at revision: a59f6542c74c113e1419ee66a3f0700816dabb07
Proposed branch: ~pjdc/ubuntu-mirror-charm/+git/ubuntu-mirror-charm:disable-old-tls-versions
Merge into: ubuntu-mirror-charm:master
Diff against target: 14 lines (+2/-1)
1 file modified
hooks/hooks.py (+2/-1)
Reviewer Review Type Date Requested Status
Haw Loeung Approve
John Losito (community) Approve
Canonical IS Reviewers Pending
Review via email: mp+381273@code.launchpad.net

Commit message

disable TLS versions < 1.2

To post a comment you must log in.
Revision history for this message
🤖 Canonical IS Merge Bot (canonical-is-mergebot) wrote :

This merge proposal is being monitored by mergebot. Change the status to Approved to merge.

Revision history for this message
John Losito (jlosito) :
review: Approve
Revision history for this message
🤖 Canonical IS Merge Bot (canonical-is-mergebot) wrote :

Change has no commit message, setting status to needs review.

Revision history for this message
Haw Loeung (hloeung) wrote :

Added commit msg and approved.

review: Approve
Revision history for this message
🤖 Canonical IS Merge Bot (canonical-is-mergebot) wrote :

Change successfully merged at revision a59f6542c74c113e1419ee66a3f0700816dabb07

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1diff --git a/hooks/hooks.py b/hooks/hooks.py
2index 9e9116e..448c752 100755
3--- a/hooks/hooks.py
4+++ b/hooks/hooks.py
5@@ -44,7 +44,8 @@ conf = Config()
6 apache_tls_settings = {
7 'ssl_cipher_suite': 'EECDH+AESGCM+AES128:EDH+AESGCM+AES128:EECDH+AES128:EDH+AES128:ECDH+AESGCM+AES128:aRSA+AESGCM+AES128:ECDH+AES128:DH+AES128:aRSA+AES128:EECDH+AESGCM:EDH+AESGCM:EECDH:EDH:ECDH+AESGCM:aRSA+AESGCM:ECDH:DH:aRSA:HIGH:!MEDIUM:!aNULL:!NULL:!LOW:!3DES:!DSS:!EXP:!PSK:!SRP',
8 'ssl_honor_cipher_order': 'on',
9- 'ssl_protocol': 'ALL -SSLv2 -SSLv3',
10+ # per IS policy, TLS 1.2 is the minimum acceptable version
11+ 'ssl_protocol': 'ALL -SSLv2 -SSLv3 -TLSv1 -TLSv1.1',
12 }
13
14 required_pkgs = [

Subscribers

People subscribed via source and target branches