From 1cb6f239a68f62e56d192889b64f8d4e377e0118 Mon Sep 17 00:00:00 2001 From: unknown Date: Thu, 30 Apr 2020 09:27:03 +0530 Subject: [PATCH 1/4] Dropping TLSv1 & TLSv1.1 and keeping TLSv1.2 --- scripts/install_moodle.sh | 3 ++- scripts/setup_webserver.sh | 3 ++- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/scripts/install_moodle.sh b/scripts/install_moodle.sh index e249cbe8..c991c3f6 100644 --- a/scripts/install_moodle.sh +++ b/scripts/install_moodle.sh @@ -296,7 +296,8 @@ http { set_real_ip_from 127.0.0.1; real_ip_header X-Forwarded-For; - ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE + # Dropping TLSv1 TLSv1.1 + ssl_protocols TLSv1.2; # Dropping SSLv3, ref: POODLE ssl_prefer_server_ciphers on; gzip on; diff --git a/scripts/setup_webserver.sh b/scripts/setup_webserver.sh index 74bcec32..593798d8 100644 --- a/scripts/setup_webserver.sh +++ b/scripts/setup_webserver.sh @@ -155,7 +155,8 @@ http { set_real_ip_from 127.0.0.1; real_ip_header X-Forwarded-For; - ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE + # Dropping TLSv1 TLSv1.1 + ssl_protocols TLSv1.2; # Dropping SSLv3, ref: POODLE ssl_prefer_server_ciphers on; gzip on; From 4ac73198d5590f1ca49b1bb1b041157104066851 Mon Sep 17 00:00:00 2001 From: asift91 <60592188+asift91@users.noreply.github.com> Date: Thu, 30 Apr 2020 17:55:00 +0530 Subject: [PATCH 2/4] Added ssl ciphers & TLSv1.2 Added ssl ciphers Added TLSv1.2 Dropped TLSv1 & TLSv1.1 --- scripts/install_moodle.sh | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/scripts/install_moodle.sh b/scripts/install_moodle.sh index c991c3f6..8597f802 100644 --- a/scripts/install_moodle.sh +++ b/scripts/install_moodle.sh @@ -296,9 +296,12 @@ http { set_real_ip_from 127.0.0.1; real_ip_header X-Forwarded-For; - # Dropping TLSv1 TLSv1.1 - ssl_protocols TLSv1.2; # Dropping SSLv3, ref: POODLE - ssl_prefer_server_ciphers on; + #upgrading to TLSv1.2 and droping 1 & 1.1 + ssl_protocols TLSv1.2; + #ssl_prefer_server_ciphers on; + #adding ssl ciphers + ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384; + gzip on; gzip_disable "msie6"; From 1a65d2f15915204303a48f5fee81400598c6de9b Mon Sep 17 00:00:00 2001 From: asift91 <60592188+asift91@users.noreply.github.com> Date: Thu, 30 Apr 2020 17:56:38 +0530 Subject: [PATCH 3/4] Adding ssl ciphers and TLSv1.2 Added ssl ciphers Added TLSv1.2 Dropped TLSv1 & TLSv1.1 --- scripts/setup_webserver.sh | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/scripts/setup_webserver.sh b/scripts/setup_webserver.sh index 593798d8..a57b4be0 100644 --- a/scripts/setup_webserver.sh +++ b/scripts/setup_webserver.sh @@ -155,9 +155,11 @@ http { set_real_ip_from 127.0.0.1; real_ip_header X-Forwarded-For; - # Dropping TLSv1 TLSv1.1 - ssl_protocols TLSv1.2; # Dropping SSLv3, ref: POODLE - ssl_prefer_server_ciphers on; + #upgrading to TLSv1.2 and droping 1 & 1.1 + ssl_protocols TLSv1.2; + #ssl_prefer_server_ciphers on; + #adding ssl ciphers + ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384; gzip on; gzip_disable "msie6"; From a87443acc9c2775bc600303a7b3427fd7526de69 Mon Sep 17 00:00:00 2001 From: asift91 <60592188+asift91@users.noreply.github.com> Date: Wed, 6 May 2020 10:21:58 +0530 Subject: [PATCH 4/4] Updated appGwPipName dependency from lbPipName Updated appGwPipName dependency from lbPipName for appGateWay deployment --- nested/network.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nested/network.json b/nested/network.json index 774bec00..011dc7ca 100644 --- a/nested/network.json +++ b/nested/network.json @@ -275,7 +275,7 @@ "apiVersion": "2017-05-10", "dependsOn": [ "Microsoft.Resources/deployments/subnetTemplate", - "[concat('Microsoft.Network/publicIPAddresses/',parameters('moodleCommon').lbPipName)]" + "[concat('Microsoft.Network/publicIPAddresses/',parameters('moodleCommon').appGwPipName)]" ], "name": "appGwTemplate", "properties": {