From dd6082126cca1118e0c48e3a2aeebb25c4984a5b Mon Sep 17 00:00:00 2001 From: "sascha.strassheim" Date: Wed, 14 Feb 2018 12:58:44 +0100 Subject: [PATCH] changed ssl cipher suites on dev/test-web(01/02)-pfizer-de --- customer/pfizer/dev-web01-pfizer-de.pixelpark.net.yaml | 6 ++++++ customer/pfizer/dev-web02-pfizer-de.pixelpark.net.yaml | 3 +++ customer/pfizer/test-web01-pfizer-de.pixelpark.net.yaml | 4 ++++ 3 files changed, 13 insertions(+) diff --git a/customer/pfizer/dev-web01-pfizer-de.pixelpark.net.yaml b/customer/pfizer/dev-web01-pfizer-de.pixelpark.net.yaml index a8a3e92e..479cd9b2 100644 --- a/customer/pfizer/dev-web01-pfizer-de.pixelpark.net.yaml +++ b/customer/pfizer/dev-web01-pfizer-de.pixelpark.net.yaml @@ -82,6 +82,8 @@ infra::profile::drupal::projects: ssl_cert: /etc/pki/tls/certs/wildcard.pixelpark.net-cert.pem ssl_chain: /etc/pki/tls/certs/wildcard.pixelpark.net-cert.pem ssl_key: /etc/pki/tls/private/wildcard.pixelpark.net-key.pem + ssl_ciphers: 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH' + ssl_protocols: 'TLSv1.2' #ssl_cipher ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP #SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0 directories: @@ -108,6 +110,8 @@ infra::profile::drupal::projects: ssl_cert: /etc/pki/tls/certs/wildcard.pixelpark.net-cert.pem ssl_chain: /etc/pki/tls/certs/wildcard.pixelpark.net-cert.pem ssl_key: /etc/pki/tls/private/wildcard.pixelpark.net-key.pem + ssl_ciphers: 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH' + ssl_protocols: 'TLSv1.2' # dev-www.pfizer.de infra::profile::typo3::projects: @@ -138,6 +142,8 @@ infra::profile::typo3::projects: ssl_cert: /etc/pki/tls/certs/wildcard.pixelpark.net-cert.pem ssl_chain: /etc/pki/tls/certs/wildcard.pixelpark.net-cert.pem ssl_key: /etc/pki/tls/private/wildcard.pixelpark.net-key.pem + ssl_ciphers: 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH' + ssl_protocols: 'TLSv1.2' directories: - provider: locationmatch path: '^/(?!(server-status|server-info))' diff --git a/customer/pfizer/dev-web02-pfizer-de.pixelpark.net.yaml b/customer/pfizer/dev-web02-pfizer-de.pixelpark.net.yaml index 2fbd95e1..c4e1a7b8 100644 --- a/customer/pfizer/dev-web02-pfizer-de.pixelpark.net.yaml +++ b/customer/pfizer/dev-web02-pfizer-de.pixelpark.net.yaml @@ -68,6 +68,9 @@ infra::profile::typo3::projects: ssl_cert: /etc/pki/tls/certs/wildcard.pixelpark.net-cert.pem ssl_chain: /etc/pki/tls/certs/wildcard.pixelpark.net-cert.pem ssl_key: /etc/pki/tls/private/wildcard.pixelpark.net-key.pem + ssl_ciphers: 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH' + ssl_protocols: 'TLSv1.2' + #ssl_cipher: ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP #SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0 directories: diff --git a/customer/pfizer/test-web01-pfizer-de.pixelpark.net.yaml b/customer/pfizer/test-web01-pfizer-de.pixelpark.net.yaml index 4de6f882..fe233609 100644 --- a/customer/pfizer/test-web01-pfizer-de.pixelpark.net.yaml +++ b/customer/pfizer/test-web01-pfizer-de.pixelpark.net.yaml @@ -58,6 +58,8 @@ infra::profile::drupal::projects: ssl_cert: /etc/pki/tls/certs/wildcard.pixelpark.net-cert.pem ssl_chain: /etc/pki/tls/certs/wildcard.pixelpark.net-cert.pem ssl_key: /etc/pki/tls/private/wildcard.pixelpark.net-key.pem + ssl_ciphers: 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH' + ssl_protocols: 'TLSv1.2' directories: - directory_root: provider: directory @@ -125,6 +127,8 @@ infra::profile::typo3::projects: ssl_cert: /etc/pki/tls/certs/wildcard.pixelpark.net-cert.pem ssl_chain: /etc/pki/tls/certs/wildcard.pixelpark.net-cert.pem ssl_key: /etc/pki/tls/private/wildcard.pixelpark.net-key.pem + ssl_ciphers: 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH' + ssl_protocols: 'TLSv1.2' headers: - 'set X-Frame-Options: ALLOW-FROM=http://pfizerprodedev8.prod.acquia-sites.com/' - 'set X-XSS-Protection: "1; mode=block"' -- 2.39.5