Oct 24, 2014:

12:49 AM Changeset [2636] by glasgall
Ignore virtual filesystems under /sys on ldap hosts. Because selinux and because they're virtual anyway.

Oct 20, 2014:

12:06 AM Changeset [2635] by andersk
Update SSLCipherSuite from Mozilla guidelines version 3.3

Oct 16, 2014:

3:37 AM Changeset [2634] by andersk
openafs: Update force_drop patch to log more information requested by upstream

Oct 13, 2014:

5:57 AM Changeset [2633] by andersk
openafs: we beseech thee, raineth not thine ENOENT upon thy callers of getcwd() This reverts http://gerrit.openafs.org/11358 and adds some logging. Amen.
12:56 AM Changeset [2632] by andersk
Disable SSL 3.0 SSL 3.0 is only required by IE 6 on Windows XP, both of which are unsupported. Those users can upgrade to IE 8, switch to another browser, and/or get a supported OS if they want to continue making SSL connections to us. By forcing downgrades from TLS 1.x to SSL 3.0, attackers could force the negotiation of non-forward-secret ciphers. It’s time to stop letting IE 6 hold back security in current browsers.

Oct 11, 2014:

7:48 PM Changeset [2631] by achernya
Add configuration for www.achernya.com since the cert is for that too
7:45 PM Changeset [2630] by achernya
Certificate and configuration for vasilvv.org

Oct 10, 2014:

12:03 AM Changeset [2629] by achernya
Certificate and configuration for log.vasilvv.org

Oct 9, 2014:

9:48 PM Changeset [2628] by achernya
Hidden intermediate is hidden
9:39 PM Changeset [2627] by achernya
Certificate renewal for achernya.com
9:21 PM Changeset [2626] by achernya
scripts.mit.edu and *.scripts.mit.edu sha256 certs
3:41 AM Changeset [2625] by andersk
Patch httpd crash when using SSL variables on non-SSL connections https://issues.apache.org/bugzilla/show_bug.cgi?id=57070

Oct 8, 2014:

9:11 PM Changeset [2624] by achernya
SHA256 MITcert renewals

Oct 6, 2014:

10:33 PM Changeset [2623] by achernya
SHA256 renewal for feed.mit.edu

Oct 5, 2014:

8:00 PM Ticket #387 (OpenAFS getcwd() sometimes returns ENOENT) reopened by andersk
This bug has reappeared with the upgrade from 1.6.8 to 1.6.10pre1. :-( …
7:19 PM Changeset [2622] by achernya
Block a spammy user

Oct 4, 2014:

10:42 PM Changeset [2621] by andersk
Enforce a modern TLS cipher suite order This configuration was copied from the backward compatibility configuration at https://wiki.mozilla.org/Security/Server_Side_TLS, version 3/3.1/3.2.

Sep 30, 2014:

2:37 PM Ticket #404 (Use tmpl_context, not threading.local(), for request-local state) created by andersk
Pony tries to use threading.local() to store request-local state, …

Sep 26, 2014:

5:20 AM Changeset [2620] by andersk
Revert r2619 “bash: Disable function imports” The fixes applied in bash 4.2.48-2 are convincing. Specifically, function exports now use the variable ‘BASH_FUNC_foo()’ instead of ‘foo’, and will be blocked by suexec or anything that puts nonzero effort into sanitizing the environment. And we don’t want to maintain bash forever.

Sep 24, 2014:

9:13 PM Changeset [2619] by andersk
bash: Disable function imports The upstream fix for CVE-2014-6271 isn’t good enough. Furthermore, even if they were completely fixed to operate as intended, they are still a bad idea to begin with. Disable this feature entirely.
Note: See TracTimeline for information about the timeline view.