Update default SSL cipher list and remove tilecache override
authorTom Hughes <tom@compton.nu>
Fri, 26 Aug 2016 18:10:35 +0000 (19:10 +0100)
committerTom Hughes <tom@compton.nu>
Fri, 26 Aug 2016 18:10:35 +0000 (19:10 +0100)
.rubocop_todo.yml
cookbooks/ssl/attributes/default.rb
roles/tilecache.rb

index 4a5009387c4292b8aaee0f5dc4813a8c99816906..6bc5812c04c9b3aafa49ff6ac99631e9f64e86d8 100644 (file)
@@ -22,7 +22,7 @@ Metrics/CyclomaticComplexity:
 # Offense count: 338
 # Configuration parameters: AllowURI, URISchemes.
 Metrics/LineLength:
-  Max: 451
+  Max: 696
 
 # Offense count: 23
 # Configuration parameters: CountComments.
index 2804f6ea53ee85e8cecbb929a17f4ce9b130f30c..5db9abbb2ecb87275115001a93adbe4e2bc89ae4 100644 (file)
@@ -1,2 +1,2 @@
 default[:ssl][:certificates] = []
-default[:ssl][:ciphers] = "aRSA+HIGH:+kEDH:+kRSA:!kSRP:!kPSK:+3DES:!MD5"
+default[:ssl][:ciphers] = "ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS"
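Review bot: The new `default[:ssl][:ciphers]` value still ends with four 3DES suites (`ECDHE-ECDSA-DES-CBC3-SHA`, `ECDHE-RSA-DES-CBC3-SHA`, `EDH-RSA-DES-CBC3-SHA`, `DES-CBC3-SHA`), and because this is now the cookbook-wide default, every node that does not override it will offer a 64-bit block cipher. If no supported client depends on them, appending `:!3DES` next to the existing `:!DSS` removes them without reordering the rest; if they are kept for legacy clients, a comment above the line should say so. The ordering of the string only protects clients when the server configuration that consumes this attribute enforces server cipher preference, which is not visible in this hunk, so that is worth confirming. A short comment such as `# Cipher list source: <reference>, last reviewed <date>` would make the next update easier, and building the value from an array joined with `":"` would avoid the 696-character line that forced the `Metrics/LineLength` bump in `.rubocop_todo.yml`.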
index 6ae82d476982424557db4ef706394d7729727947..438f61992d27d2395a15ef38f5b3a61c6add9f6c 100644 (file)
@@ -31,9 +31,6 @@ default_attributes(
         "vm.swappiness" => "30"
       }
     }
-  },
-  :ssl => {
-    :ciphers => "ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS"
   }
 )