Age | Commit message (Collapse) | Author | |
---|---|---|---|
2014-04-02 | Update TLS apache vhost TLS configuration (#5137): | Micah Anderson | |
. We want to allow for TLS1.2 to be enabled (supported in wheezy) . Explicitly disable SSLCompression. This aids in protecting against the BREACH attack: see http://breachattack.com), and SPDY version 3 is vulnerable to the CRIME attack when compression is on . Switch the cipher suites to match https://wiki.mozilla.org/Security/Server_Side_TLS#Apache for these reasons: . Prefer PFS, with ECDHE first then DHE (TLS 1.2, not many implementations support this, and there are no known attacks). . Prefer AES128 to AES256 because the key schedule in AES256 is considered weaker, and maybe AES128 is more resistant to timing attacks . Prefer AES to RC4. BEAST attacks on AES are mitigated in >=TLS1.1, and difficult in TLS1.0. They are not in RC4, and likely to become more dangerous . RC4 is on the path to removal, but still present for backward compatibility Change-Id: I99a7f0ebf2ac438f075835d1cb38f63080321043 | |||
2014-04-02 | Fix for satellite hosts that are unable to contact their relayhost | Micah Anderson | |
because the DNS lookup is either impossible (.local domain), or incorrect (certain openstack/amazon/piston cloud configurations create this setup when the relayhost is in the same cluster as the satellite). Fixes #5225 Change-Id: Ifbc201678f2c0e97ee0e12bbf1c7f71d035d45c1 | |||
2014-04-02 | Merge branch '5359_design_docs' into 0.6 | varac | |
2014-04-02 | Merge remote-tracking branch 'github/0.6' into 0.6 | varac | |
2014-04-02 | Merge pull request #20 from elijh/feature/openvpn-config | varac | |
allow ability to customize openvpn security options | |||
2014-04-02 | couch design docs should be always deployed, not only on update of the ↵ | varac | |
design docs json files (Feature #5359) | |||
2014-04-01 | Fix for Openstack/Amazon special case needing to allow ec2_public_ipv4 | Micah Anderson | |
in mynetworks (#5427) Change-Id: Iee954f8cacd852f8c7c598c68a8793a3523c0132 | |||
2014-04-01 | Include all the ips that are allowed to send mail through the relay in | Micah Anderson | |
the mynetworks parameter. Previously we only allowed other mx servers to relay to each other, but this prevents system mail from non-mx nodes from getting out. Fixes "Helo command rejected: You are not in domain bitmask.net (in reply to RCPT TO command))" (#5343) Change-Id: I5e204958cb235808eedc3a1724fb2dc6c7a5b73b | |||
2014-03-31 | Merge branch 'feature/static_site' of https://github.com/elijh/leap_platform ↵ | kwadronaut | |
into elijh-feature/static_site Conflicts: puppet/modules/site_config/manifests/packages/base.pp | |||
2014-03-26 | minor: fix message on stunnel test. | elijah | |
2014-03-26 | contacts.tor must be an array | elijah | |
2014-03-26 | Merge branch '0.6' of ssh://code.leap.se/leap_platform into 0.6 | varac | |
2014-03-26 | Merge branch '5018_dont_remove_dev_packages_on_couch_node' into 0.6 | varac | |
2014-03-26 | Merge branch '5374_openvpn_logwatch' into 0.6 | varac | |
2014-03-26 | Merge branch 'feature/cleanup-test-names' of ↵ | kwadronaut | |
https://github.com/elijh/leap_platform into elijh-feature/cleanup-test-names | |||
2014-03-25 | Move setup.pp to a subclass (site_config::setup) (Feature #2993) | varac | |
2014-03-25 | couch node: same packages removed on every (second ?) puppetrun (Feature #5018) | varac | |
2014-03-25 | ignore openvpn TLS initialization errors (Feature #5374) | varac | |
2014-03-24 | ensure platform.rb is utf8 | elijah | |
2014-03-24 | modules/site_static: part 2 - apache | elijah | |
2014-03-24 | fixes #5360 adds admin@ as reserved address + linting | kwadronaut | |
2014-03-23 | modules/site_static: part 1 - amber | elijah | |
2014-03-20 | allow ability to customize openvpn security stuff: tls-cipher, auth, and ↵ | elijah | |
cipher config options. | |||
2014-03-19 | Merge branch '5306_ignore_tapicero_PreconditionFailed' into 0.6 | varac | |
2014-03-19 | Merge branch '4798_automatic_compaction' into 0.6 | varac | |
2014-03-18 | clean up the names of tests | elijah | |
2014-03-15 | Merge remote-tracking branch 'elijah/feature/test-order' into 0.6 | varac | |
2014-03-15 | Merge remote-tracking branch 'elijah/feature/provider-env' into 0.6 | varac | |
2014-03-14 | added support for environment specific providers (e.g. ↵ | elijah | |
provider.production.json). requires latest leap_cli. | |||
2014-03-13 | catch errors when tapicero fails to create a userdb (Feature #5306) | varac | |
2014-03-13 | Merge branch '5324_nagios_logging' into 0.6 | varac | |
2014-03-13 | deploy automatic compaction via platform (Feature #4798) | varac | |
2014-03-13 | Merge branch '5239_soledad_check' into 0.6 | varac | |
2014-03-13 | Dont't archive nagios logs, use logrotate for it (Feature #5324) | varac | |
2014-03-13 | Dont't archive nagios logs (#5324) | varac | |
2014-03-13 | removed trailing whitespaces in nagios.cfg | varac | |
2014-03-12 | check if soledad is working (Feature #5239) | varac | |
2014-03-12 | Merge remote-tracking branch 'irregulator/bug/5241' into 0.6 | Micah Anderson | |
2014-03-12 | Merge branch 'develop' into 0.6 | Micah Anderson | |
2014-03-12 | Indentation fix. | irregulator | |
2014-03-12 | DirPortFrontPage serves a static webpage only when Tor node is exit. | irregulator | |
See leap.se/code/issues/5241 | |||
2014-03-08 | allow for (optional) configured node order when running tests. requires ↵ | elijah | |
latest leap_cli to work, but won't break with older leap_cli | |||
2014-03-05 | updated submodule rubygems (#3827) | varac | |
2014-03-05 | updated submodule rubygems (#3827) | varac | |
2014-03-05 | use the right package dependencies for site_check_mk::agent class and subclasses | varac | |
2014-03-04 | Merge branch 'improve_monitoring_even_more' into 0.6 | varac | |
2014-03-04 | remove trailing whitespaces from logwatch config files | varac | |
2014-03-04 | updated submodule check_mk | varac | |
2014-03-04 | use curly brackets for variables in check_leap_mx.sh output, see ↵ | varac | |
https://review.leap.se/r/160/#comment156 | |||
2014-03-04 | don't use storedconfigs for check_mk, requires current check_mk module (#5253) | varac | |