Devin Canterberry
ece32fce53
🔒 Update supported TLS cipher suites
...
The list of cipher suites included in this commit are consistent with
the values and precedence in the [Golang TLS documentation](https://golang.org/src/crypto/tls/cipher_suites.go ).
> **Note:** Cipher suites with RC4 are still included within the list
> of accepted values for compatibility, but **these cipher suites are
> not safe to use** and should be deprecated with warnings and
> subsequently removed. Support for RC4 ciphers has already been
> removed or disabled by default in many prominent browsers and tools,
> including Golang.
>
> **References:**
>
> * [RC4 on Wikipedia](https://en.wikipedia.org/wiki/RC4 )
> * [Mozilla Security Blog](https://blog.mozilla.org/security/2015/09/11/deprecating-the-rc4-cipher/ )
2018-03-15 10:19:46 -07:00
Devin Canterberry
23dfc483a0
⤵️ Merge from `master`; no conflicts
2018-03-15 09:13:01 -07:00
Jack Pearkes
da7f8ab59d
website: clarify where ACL token is set in the UI
2018-03-14 16:50:04 -07:00
Jack Pearkes
9a911bba0c
website: add section on securing the UI with ACLs
...
Figured it would be worth documenting due to #3931 .
2018-03-14 16:46:04 -07:00
Paul Banks
e9218d031e
Call out the service-watch upgrade notice
2018-03-14 11:03:21 +00:00
Jack Pearkes
e04a003d7a
Merge pull request #3884 from rberlind/master
...
Updated Stale Reads section of DNS Caching Guide
2018-03-13 16:56:58 -07:00
Jack Pearkes
7390fdcad1
Merge pull request #3952 from slopeinsb/patch-1
...
Update index.html.md
2018-03-13 16:07:10 -07:00
Jack Pearkes
defd90b3da
Update CHANGELOG.md
2018-03-13 15:32:37 -07:00
Devin Canterberry
089ceff264
📝 Clarify the list of supported TLS cipher suites
...
Previously, the documentation linked to Golang's source code, which
can drift from the list of cipher suites supported by Consul. Consul
has a hard-coded mapping of string values to Golang cipher suites, so
this is a more direct source of truth to help users understand which
string values are accepted in the `tls_cipher_suites` configuration
value.
2018-03-13 09:25:03 -07:00
Preetha
8b41890cee
Merge pull request #3946 from hashicorp/je.fixes
...
Small Adjustments
2018-03-13 11:15:50 -05:00
randall thomson
24588fc479
Update index.html.md
...
update cli commands for consul 1.x
2018-03-09 09:46:37 -08:00
Pierre Souchay
d9b59d1b3e
Fixed minor typo (+ travis tests is unstable)
2018-03-09 18:42:13 +01:00
Pierre Souchay
871b9907cb
Optimize size for SRV records, should improve performance a bit
...
Stricter Unit tests that checks if truncation was OK.
2018-03-09 18:25:29 +01:00
Preetha Appan
75549ec960
Update CHANGELOG.md
2018-03-09 07:37:57 -06:00
Preetha
401215230c
Merge pull request #3940 from pierresouchay/dns_max_size
...
Allow to control the number of A/AAAA Record returned by DNS
2018-03-09 07:35:32 -06:00
Preetha
80bc8e1ff6
Some tweaks to the documentation for a_record_limit
2018-03-08 11:23:07 -06:00
Pierre Souchay
8545b998ff
Updated documentation as requested by @preetapan
2018-03-08 18:02:40 +01:00
Pierre Souchay
b0b243bf1b
Fixed wrong format of debug msg in unit test
2018-03-08 00:36:17 +01:00
Pierre Souchay
c3713dbbf1
Performance optimization for services having more than 2k records
2018-03-08 00:26:41 +01:00
Pierre Souchay
1085d5a7b4
Avoid issue with compression of DNS messages causing overflow
2018-03-07 23:33:41 +01:00
Pierre Souchay
241c7e5f5f
Cleaner Unit tests from suggestions from @preetapan
2018-03-07 18:24:41 +01:00
Pierre Souchay
b672707552
64000 max limit to DNS messages since there is overhead
...
Added debug log to give information about truncation.
2018-03-07 16:14:41 +01:00
Pierre Souchay
06afb4d02c
[BUGFIX] do not break when TCP DNS answer exceeds 64k
...
It will avoid having discovery broken when having large number
of instances of a service (works with SRV and A* records).
Fixes https://github.com/hashicorp/consul/issues/3850
2018-03-07 10:08:06 +01:00
Jeff Escalante
41d6a3762c
update to latest middleman-hashicorp
...
this includes minor text fixes for the universal nav
2018-03-06 16:37:58 -05:00
Jeff Escalante
b4dce65d45
First instance of 'Consul' on homepage -> 'HashiCorp Consul'
2018-03-06 16:37:47 -05:00
Mitchell Hashimoto
734f50b7a7
Merge pull request #3944 from hashicorp/f-testify
...
agent/consul/fsm: begin using testify/assert
2018-03-06 09:55:31 -08:00
Mitchell Hashimoto
fbac58280e
agent/consul/fsm: begin using testify/assert
2018-03-06 09:48:15 -08:00
Pierre Souchay
09970479b5
Allow to control the number of A/AAAA Record returned by DNS
...
This allows to have randomized resource records (i.e. each
answer contains only one IP, but the IP changes every request) for
A, AAAA records.
It will fix https://github.com/hashicorp/consul/issues/3355 and
https://github.com/hashicorp/consul/issues/3937
See https://github.com/hashicorp/consul/issues/3937#issuecomment-370610509
for details.
It basically add a new option called `a_record_limit` and will not
return more than a_record_limit when performing A, AAAA or ANY DNS
requests.
The existing `udp_answer_limit` option is still working but should
be considered as deprecated since it works only with DNS clients
not supporting EDNS.
2018-03-06 02:07:42 +01:00
Edd Steel
413cb3d3b5
Re-use defined endpoints for tests
2018-03-03 11:19:18 -08:00
Sergei Ryabkov
4e0d229191
Highlighting the dead link
...
I am proposing to remove a dead link (https://atlas.hashicorp.com/help/consul/alternatives ). If the page has moved and the new location is known, it would be of course better to update the link.
2018-03-02 18:22:19 -05:00
Paul Banks
5a9a794531
Merge pull request #3928 from hashicorp/service-token-docs
...
Notes on ACL token storage and permissions
2018-03-02 16:28:56 +00:00
Paul Banks
d4bce06637
Update CHANGELOG.md
2018-03-02 16:27:48 +00:00
Paul Banks
628dcc9793
Merge pull request #3899 from pierresouchay/fix_blocking_queries_index
...
Services Indexes modified per service instead of using a global Index
2018-03-02 16:24:43 +00:00
Paul Banks
34fe6f17e2
Notes on ACL token storage and permissions
2018-03-02 16:22:12 +00:00
Paul Banks
37e7e6e7a1
Notes on ACL token storage and permissions
2018-03-02 16:20:11 +00:00
Brian Shumate
de25aa17ee
Clarify encrypt key for WAN joined DCs
2018-03-02 10:41:09 -05:00
Pierre Souchay
df285ec384
Better information and advices for upgrade to 1.0.7+
2018-03-02 09:08:00 +01:00
Pierre Souchay
85b73f8163
Simplified error handling for maxIndexForService
...
* added unit tests to ensure service index is properly garbage collected
* added Upgrade from Version 1.0.6 to higher section in documentation
2018-03-01 14:09:36 +01:00
Paul Banks
be4fa97fda
Update CHANGELOG.md
2018-02-28 13:26:08 +00:00
Jack Pearkes
7a65f9fbeb
Merge pull request #3922 from hashicorp/docs-fix-two-dc-links
...
website: override automatic linking of list items for softlayer dc
2018-02-27 12:09:34 -08:00
Jack Pearkes
39ed02cf0c
website: override automatic linking of list items for softlayer dc
...
This avoids a conflict with #datacenter later on the page. We're mixing
histroic manually specified anchors with generated anchors (via
redcarpet / middleman-hashicorp) so we have to manually override the
automatic generation here.
I was tempted to rewrite the old manual anchors to use the automatic
generation, but there is no way to maintain backwards compatibility,
so will leave that for a time when it is appropriate for us to break
links (or redirect them, etc).
Fixes #3916
2018-02-27 10:53:12 -08:00
Preetha
a61cdf139e
Merge pull request #3914 from alvin-huang/fix_vendor
...
remove old pkgs and put deps of missing packages in vendor.json
2018-02-24 10:01:12 -06:00
Alvin Huang
6bc9f6844f
remove old pkgs and put deps of missing packages in vendor.json
2018-02-23 17:08:24 -05:00
Paul Banks
f8147805d9
Merge pull request #3903 from hashicorp/build-fixes
...
[WIP] Attempt to find some low-hanging fruit for CI failures
2018-02-23 13:12:45 +00:00
Paul Banks
e364c2169c
Merge pull request #3910 from hashicorp/fix-shell
...
Fix test running in non-bash shells
2018-02-23 13:12:18 +00:00
Kyle Havlovitz
1d4ced0d46
Add a link to the leader election guide in the lock API docs
2018-02-22 15:57:46 -08:00
Kyle Havlovitz
6637607ebe
Use GOTAGS in the vet make goal
2018-02-22 15:57:09 -08:00
Paul Banks
f7ecbce39a
Fix test running in non-bash shells
2018-02-22 14:06:06 +00:00
Pierre Souchay
7c61a2eb05
Revert "Change .travis.yml, set parallel to 1 to pass tests"
...
This reverts commit e7d1668347c751104ccebcd384f9ab742d9e0f55.
2018-02-22 14:16:24 +01:00
Pierre Souchay
0eaf62ce68
Change .travis.yml, set parallel to 1 to pass tests
2018-02-22 09:27:55 +01:00