Enable TLS 1.2 and better ciphersuites on BMO

RESOLVED DUPLICATE of bug 914065

People

(Reporter: mt, Unassigned)

Tracking

Production

Description

4 years ago
BMO doesn't do TLS 1.2.

BMO also negotiates a finite field ephemeral Diffie-Hellman cipher suite (i.e., TLS_DHE_*), which is massively expensive in terms of CPU.

These features should be available in openssl, and I know that Heartbleed would have caused this to be updated recently.  I assume that the Apache mod_ssl config needs updating.

SSLCipherSuite can be set to include ECDHE.  Enabling AES_GCM is a good idea too.

SSLProtocol can be set to include TLS 1.2.

This is independent of the bugzilla version.

The load balancer handling traffic to BMO doesn't currently support TLS 1.2 :(
Status: NEW → RESOLVED
Last Resolved: 4 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: 914065
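
Added example, not part of the bug report and not BMO's configuration: a way to audit a candidate SSLCipherSuite value before deploying it, by expanding it with the local OpenSSL and flagging suites that use finite-field DHE or lack ECDHE and AES-GCM. It assumes Python's `ssl` module is linked against OpenSSL, whose cipher-string syntax mod_ssl also uses; `expand`, `check_suite` and `audit` are hypothetical helper names, and the cipher strings are constructed samples.

```python
import ssl


def expand(cipher_string):
    """Expand an OpenSSL cipher string into the TLS <= 1.2 suites it selects.

    The result depends on the local OpenSSL build. TLS 1.3 suites (names
    starting with "TLS_") are configured separately and are skipped here.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.set_ciphers(cipher_string)  # raises ssl.SSLError if nothing matches
    return [c["name"] for c in ctx.get_ciphers()
            if not c["name"].startswith("TLS_")]


def check_suite(name):
    """Return a list of findings for one OpenSSL suite name (empty = fine).

    Classification is by OpenSSL naming convention: "DHE-..." is finite-field
    ephemeral DH, "ECDHE-..." is elliptic-curve ephemeral DH.
    """
    issues = []
    if name.startswith("DHE-"):
        issues.append("finite-field DHE key exchange")
    elif not name.startswith("ECDHE-"):
        issues.append("no ECDHE key exchange")
    if not ("AES" in name and "GCM" in name):
        issues.append("not AES-GCM")
    return issues


def audit(cipher_string):
    """Map every suite selected by cipher_string to its findings."""
    return {name: check_suite(name) for name in expand(cipher_string)}


if __name__ == "__main__":
    # Constructed sample values for SSLCipherSuite.
    for candidate in ("HIGH:!aNULL", "ECDHE+AESGCM"):
        print(f"SSLCipherSuite {candidate}")
        for name, issues in audit(candidate).items():
            print(f"  {name:34} {', '.join(issues) or 'ok'}")
```
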