BMO doesn't do TLS 1.2. BMO also negotiates a finite field ephemeral Diffie-Hellman cipher suite (i.e., TLS_DHE_*, which is massively expensive in terms of CPU. These features should be available in openssl, and I know that Heartbleed would have caused this to be updated recently. I assume that the Apache mod_ssl config needs updating. SSLCipherSuite can be set to include ECDHE. Enabling AES_GCM is a good idea too. SSLProtocol can be set to include TLS 1.2. This is independent of the bugzilla version.
the load balancer handling traffic to bmo doesn't currently support tls 1.2 :(
Status: NEW → RESOLVED
Last Resolved: 4 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: 914065
You need to log in before you can comment on or make changes to this bug.