Update default SSL cipher list and remove tilecache override

author Tom Hughes <tom@compton.nu>

Fri, 26 Aug 2016 18:10:35 +0000 (19:10 +0100)

committer Tom Hughes <tom@compton.nu>

Fri, 26 Aug 2016 18:10:35 +0000 (19:10 +0100)
author Tom Hughes <tom@compton.nu>
Fri, 26 Aug 2016 18:10:35 +0000 (19:10 +0100)
committer Tom Hughes <tom@compton.nu>
Fri, 26 Aug 2016 18:10:35 +0000 (19:10 +0100)
diff --git a/.rubocop_todo.yml b/.rubocop_todo.yml

index 4a5009387c4292b8aaee0f5dc4813a8c99816906..6bc5812c04c9b3aafa49ff6ac99631e9f64e86d8 100644 (file)
--- a/.rubocop_todo.yml
+++ b/.rubocop_todo.yml
@@ -22,7 +22,7 @@ Metrics/CyclomaticComplexity:
  # Offense count: 338
  # Configuration parameters: AllowURI, URISchemes.
  Metrics/LineLength:
  # Offense count: 338
  # Configuration parameters: AllowURI, URISchemes.
  Metrics/LineLength:
-  Max: 451
+  Max: 696
  
  # Offense count: 23
  # Configuration parameters: CountComments.
  
  # Offense count: 23
  # Configuration parameters: CountComments.
diff --git a/cookbooks/ssl/attributes/default.rb b/cookbooks/ssl/attributes/default.rb

index 2804f6ea53ee85e8cecbb929a17f4ce9b130f30c..5db9abbb2ecb87275115001a93adbe4e2bc89ae4 100644 (file)
--- a/cookbooks/ssl/attributes/default.rb
+++ b/cookbooks/ssl/attributes/default.rb
@@ -1,2 +1,2 @@
  default[:ssl][:certificates] = []
  default[:ssl][:certificates] = []
-default[:ssl][:ciphers] = "aRSA+HIGH:+kEDH:+kRSA:!kSRP:!kPSK:+3DES:!MD5"
+default[:ssl][:ciphers] = "ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS"
diff --git a/roles/tilecache.rb b/roles/tilecache.rb

index 6ae82d476982424557db4ef706394d7729727947..438f61992d27d2395a15ef38f5b3a61c6add9f6c 100644 (file)
--- a/roles/tilecache.rb
+++ b/roles/tilecache.rb
@@ -31,9 +31,6 @@ default_attributes(
          "vm.swappiness" => "30"
        }
      }
          "vm.swappiness" => "30"
        }
      }
-  },
-  :ssl => {
-    :ciphers => "ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS"
    }
  )
  
    }
  )
author	Tom Hughes <tom@compton.nu>
	Fri, 26 Aug 2016 18:10:35 +0000 (19:10 +0100)
committer	Tom Hughes <tom@compton.nu>
	Fri, 26 Aug 2016 18:10:35 +0000 (19:10 +0100)
.rubocop_todo.yml		patch \| blob \| history
cookbooks/ssl/attributes/default.rb		patch \| blob \| history
roles/tilecache.rb		patch \| blob \| history