Closed Bug 1046443 Opened 11 years ago Closed 11 years ago

Enable TLS 1.2 and better ciphersuites on BMO

Categories

(bugzilla.mozilla.org :: Infrastructure, defect)

Product:
bugzilla.mozilla.org
Component:
Infrastructure
Version:
Production
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED DUPLICATE of bug 914065

People

(Reporter: mt, Unassigned)

Details

BMO doesn't do TLS 1.2. BMO also negotiates a finite field ephemeral Diffie-Hellman cipher suite (i.e., TLS_DHE_*, which is massively expensive in terms of CPU. These features should be available in openssl, and I know that Heartbleed would have caused this to be updated recently. I assume that the Apache mod_ssl config needs updating. SSLCipherSuite can be set to include ECDHE. Enabling AES_GCM is a good idea too. SSLProtocol can be set to include TLS 1.2. This is independent of the bugzilla version.
the load balancer handling traffic to bmo doesn't currently support tls 1.2 :(
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.