changed ssl cipher suites on dev/test-web(01/02)-pfizer-de

diff --git a/customer/pfizer/dev-web01-pfizer-de.pixelpark.net.yaml b/customer/pfizer/dev-web01-pfizer-de.pixelpark.net.yaml
index a8a3e92e45cb33bdb262d42e374e12c96e31753b..479cd9b21e13bd8bbcd23e1e62ed195607eb4e0a 100644 (file)
--- a/customer/pfizer/dev-web01-pfizer-de.pixelpark.net.yaml
+++ b/customer/pfizer/dev-web01-pfizer-de.pixelpark.net.yaml
@@ -82,6 +82,8 @@ infra::profile::drupal::projects:
     ssl_cert: /etc/pki/tls/certs/wildcard.pixelpark.net-cert.pem
     ssl_chain: /etc/pki/tls/certs/wildcard.pixelpark.net-cert.pem
     ssl_key: /etc/pki/tls/private/wildcard.pixelpark.net-key.pem
+    ssl_ciphers: 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH'
+    ssl_protocols: 'TLSv1.2'
     #ssl_cipher              ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP
     #SetEnvIf User-Agent         ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0
     directories:
@@ -108,6 +110,8 @@ infra::profile::drupal::projects:
     ssl_cert: /etc/pki/tls/certs/wildcard.pixelpark.net-cert.pem
     ssl_chain: /etc/pki/tls/certs/wildcard.pixelpark.net-cert.pem
     ssl_key: /etc/pki/tls/private/wildcard.pixelpark.net-key.pem
+    ssl_ciphers: 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH'
+    ssl_protocols: 'TLSv1.2'
 
 # dev-www.pfizer.de
 infra::profile::typo3::projects:
@@ -138,6 +142,8 @@ infra::profile::typo3::projects:
     ssl_cert: /etc/pki/tls/certs/wildcard.pixelpark.net-cert.pem
     ssl_chain: /etc/pki/tls/certs/wildcard.pixelpark.net-cert.pem
     ssl_key: /etc/pki/tls/private/wildcard.pixelpark.net-key.pem
+    ssl_ciphers: 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH'
+    ssl_protocols: 'TLSv1.2'     
     directories:
       - provider: locationmatch
         path: '^/(?!(server-status|server-info))'

diff --git a/customer/pfizer/dev-web02-pfizer-de.pixelpark.net.yaml b/customer/pfizer/dev-web02-pfizer-de.pixelpark.net.yaml
index 2fbd95e130996c13be40a0b9346833f4824e3dd0..c4e1a7b8fabcef5bd49fa183e1b06781b7cd9e20 100644 (file)
--- a/customer/pfizer/dev-web02-pfizer-de.pixelpark.net.yaml
+++ b/customer/pfizer/dev-web02-pfizer-de.pixelpark.net.yaml
@@ -68,6 +68,9 @@ infra::profile::typo3::projects:
     ssl_cert: /etc/pki/tls/certs/wildcard.pixelpark.net-cert.pem
     ssl_chain: /etc/pki/tls/certs/wildcard.pixelpark.net-cert.pem
     ssl_key: /etc/pki/tls/private/wildcard.pixelpark.net-key.pem
+    ssl_ciphers: 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH'
+    ssl_protocols: 'TLSv1.2' 
+
     #ssl_cipher:    ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP
     #SetEnvIf User-Agent   ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0
     directories:

diff --git a/customer/pfizer/test-web01-pfizer-de.pixelpark.net.yaml b/customer/pfizer/test-web01-pfizer-de.pixelpark.net.yaml
index 4de6f882c235efd5c8015d31e4365e6eda3e0246..fe233609da31b27afeeafb997afff094466e2068 100644 (file)
--- a/customer/pfizer/test-web01-pfizer-de.pixelpark.net.yaml
+++ b/customer/pfizer/test-web01-pfizer-de.pixelpark.net.yaml
@@ -58,6 +58,8 @@ infra::profile::drupal::projects:
     ssl_cert: /etc/pki/tls/certs/wildcard.pixelpark.net-cert.pem
     ssl_chain: /etc/pki/tls/certs/wildcard.pixelpark.net-cert.pem
     ssl_key: /etc/pki/tls/private/wildcard.pixelpark.net-key.pem
+    ssl_ciphers: 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH'
+    ssl_protocols: 'TLSv1.2'
     directories:
       - directory_root:
         provider: directory
@@ -125,6 +127,8 @@ infra::profile::typo3::projects:
     ssl_cert: /etc/pki/tls/certs/wildcard.pixelpark.net-cert.pem
     ssl_chain: /etc/pki/tls/certs/wildcard.pixelpark.net-cert.pem
     ssl_key: /etc/pki/tls/private/wildcard.pixelpark.net-key.pem
+    ssl_ciphers: 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH'
+    ssl_protocols: 'TLSv1.2'     
     headers:
       - 'set X-Frame-Options: ALLOW-FROM=http://pfizerprodedev8.prod.acquia-sites.com/'
       - 'set X-XSS-Protection: "1; mode=block"'