Closed
Bug 1046443
Opened 11 years ago
Closed 11 years ago
Enable TLS 1.2 and better ciphersuites on BMO
Categories
(bugzilla.mozilla.org :: Infrastructure, defect)
Tracking
()
RESOLVED
DUPLICATE
of bug 914065
People
(Reporter: mt, Unassigned)
Details
BMO doesn't do TLS 1.2.
BMO also negotiates a finite field ephemeral Diffie-Hellman cipher suite (i.e., TLS_DHE_*, which is massively expensive in terms of CPU.
These features should be available in openssl, and I know that Heartbleed would have caused this to be updated recently. I assume that the Apache mod_ssl config needs updating.
SSLCipherSuite can be set to include ECDHE. Enabling AES_GCM is a good idea too.
SSLProtocol can be set to include TLS 1.2.
This is independent of the bugzilla version.
the load balancer handling traffic to bmo doesn't currently support tls 1.2 :(
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → DUPLICATE
You need to log in
before you can comment on or make changes to this bug.
Description
•