ece32fce53
🔒 Update supported TLS cipher suites
...
The list of cipher suites included in this commit are consistent with
the values and precedence in the [Golang TLS documentation](https://golang.org/src/crypto/tls/cipher_suites.go ).
> **Note:** Cipher suites with RC4 are still included within the list
> of accepted values for compatibility, but **these cipher suites are
> not safe to use** and should be deprecated with warnings and
> subsequently removed. Support for RC4 ciphers has already been
> removed or disabled by default in many prominent browsers and tools,
> including Golang.
>
> **References:**
>
> * [RC4 on Wikipedia](https://en.wikipedia.org/wiki/RC4 )
> * [Mozilla Security Blog](https://blog.mozilla.org/security/2015/09/11/deprecating-the-rc4-cipher/ )
2018-03-15 10:19:46 -07:00
23dfc483a0
⤵️ Merge from `master`; no conflicts
2018-03-15 09:13:01 -07:00
da7f8ab59d
website: clarify where ACL token is set in the UI
2018-03-14 16:50:04 -07:00
9a911bba0c
website: add section on securing the UI with ACLs
...
Figured it would be worth documenting due to #3931 .
2018-03-14 16:46:04 -07:00
e9218d031e
Call out the service-watch upgrade notice
2018-03-14 11:03:21 +00:00
e04a003d7a
Merge pull request #3884 from rberlind/master
...
Updated Stale Reads section of DNS Caching Guide
2018-03-13 16:56:58 -07:00
7390fdcad1
Merge pull request #3952 from slopeinsb/patch-1
...
Update index.html.md
2018-03-13 16:07:10 -07:00
defd90b3da
Update CHANGELOG.md
2018-03-13 15:32:37 -07:00
089ceff264
📝 Clarify the list of supported TLS cipher suites
...
Previously, the documentation linked to Golang's source code, which
can drift from the list of cipher suites supported by Consul. Consul
has a hard-coded mapping of string values to Golang cipher suites, so
this is a more direct source of truth to help users understand which
string values are accepted in the `tls_cipher_suites` configuration
value.
2018-03-13 09:25:03 -07:00
8b41890cee
Merge pull request #3946 from hashicorp/je.fixes
...
Small Adjustments
2018-03-13 11:15:50 -05:00
24588fc479
Update index.html.md
...
update cli commands for consul 1.x
2018-03-09 09:46:37 -08:00
75549ec960
Update CHANGELOG.md
2018-03-09 07:37:57 -06:00
401215230c
Merge pull request #3940 from pierresouchay/dns_max_size
...
Allow to control the number of A/AAAA Record returned by DNS
2018-03-09 07:35:32 -06:00
80bc8e1ff6
Some tweaks to the documentation for a_record_limit
2018-03-08 11:23:07 -06:00
8545b998ff
Updated documentation as requested by @preetapan
2018-03-08 18:02:40 +01:00
241c7e5f5f
Cleaner Unit tests from suggestions from @preetapan
2018-03-07 18:24:41 +01:00
41d6a3762c
update to latest middleman-hashicorp
...
this includes minor text fixes for the universal nav
2018-03-06 16:37:58 -05:00
b4dce65d45
First instance of 'Consul' on homepage -> 'HashiCorp Consul'
2018-03-06 16:37:47 -05:00
734f50b7a7
Merge pull request #3944 from hashicorp/f-testify
...
agent/consul/fsm: begin using testify/assert
2018-03-06 09:55:31 -08:00
fbac58280e
agent/consul/fsm: begin using testify/assert
2018-03-06 09:48:15 -08:00
09970479b5
Allow to control the number of A/AAAA Record returned by DNS
...
This allows to have randomized resource records (i.e. each
answer contains only one IP, but the IP changes every request) for
A, AAAA records.
It will fix https://github.com/hashicorp/consul/issues/3355 and
https://github.com/hashicorp/consul/issues/3937
See https://github.com/hashicorp/consul/issues/3937#issuecomment-370610509
for details.
It basically add a new option called `a_record_limit` and will not
return more than a_record_limit when performing A, AAAA or ANY DNS
requests.
The existing `udp_answer_limit` option is still working but should
be considered as deprecated since it works only with DNS clients
not supporting EDNS.
2018-03-06 02:07:42 +01:00
413cb3d3b5
Re-use defined endpoints for tests
2018-03-03 11:19:18 -08:00
4e0d229191
Highlighting the dead link
...
I am proposing to remove a dead link (https://atlas.hashicorp.com/help/consul/alternatives ). If the page has moved and the new location is known, it would be of course better to update the link.
2018-03-02 18:22:19 -05:00
5a9a794531
Merge pull request #3928 from hashicorp/service-token-docs
...
Notes on ACL token storage and permissions
2018-03-02 16:28:56 +00:00
d4bce06637
Update CHANGELOG.md
2018-03-02 16:27:48 +00:00
628dcc9793
Merge pull request #3899 from pierresouchay/fix_blocking_queries_index
...
Services Indexes modified per service instead of using a global Index
2018-03-02 16:24:43 +00:00
34fe6f17e2
Notes on ACL token storage and permissions
2018-03-02 16:22:12 +00:00
37e7e6e7a1
Notes on ACL token storage and permissions
2018-03-02 16:20:11 +00:00
de25aa17ee
Clarify encrypt key for WAN joined DCs
2018-03-02 10:41:09 -05:00
df285ec384
Better information and advices for upgrade to 1.0.7+
2018-03-02 09:08:00 +01:00
85b73f8163
Simplified error handling for maxIndexForService
...
* added unit tests to ensure service index is properly garbage collected
* added Upgrade from Version 1.0.6 to higher section in documentation
2018-03-01 14:09:36 +01:00
be4fa97fda
Update CHANGELOG.md
2018-02-28 13:26:08 +00:00
7a65f9fbeb
Merge pull request #3922 from hashicorp/docs-fix-two-dc-links
...
website: override automatic linking of list items for softlayer dc
2018-02-27 12:09:34 -08:00
39ed02cf0c
website: override automatic linking of list items for softlayer dc
...
This avoids a conflict with #datacenter later on the page. We're mixing
histroic manually specified anchors with generated anchors (via
redcarpet / middleman-hashicorp) so we have to manually override the
automatic generation here.
I was tempted to rewrite the old manual anchors to use the automatic
generation, but there is no way to maintain backwards compatibility,
so will leave that for a time when it is appropriate for us to break
links (or redirect them, etc).
Fixes #3916
2018-02-27 10:53:12 -08:00
a61cdf139e
Merge pull request #3914 from alvin-huang/fix_vendor
...
remove old pkgs and put deps of missing packages in vendor.json
2018-02-24 10:01:12 -06:00
6bc9f6844f
remove old pkgs and put deps of missing packages in vendor.json
2018-02-23 17:08:24 -05:00
f8147805d9
Merge pull request #3903 from hashicorp/build-fixes
...
[WIP] Attempt to find some low-hanging fruit for CI failures
2018-02-23 13:12:45 +00:00
e364c2169c
Merge pull request #3910 from hashicorp/fix-shell
...
Fix test running in non-bash shells
2018-02-23 13:12:18 +00:00
1d4ced0d46
Add a link to the leader election guide in the lock API docs
2018-02-22 15:57:46 -08:00
6637607ebe
Use GOTAGS in the vet make goal
2018-02-22 15:57:09 -08:00
f7ecbce39a
Fix test running in non-bash shells
2018-02-22 14:06:06 +00:00
7c61a2eb05
Revert "Change .travis.yml, set parallel to 1 to pass tests"
...
This reverts commit e7d1668347c751104ccebcd384f9ab742d9e0f55.
2018-02-22 14:16:24 +01:00
0eaf62ce68
Change .travis.yml, set parallel to 1 to pass tests
2018-02-22 09:27:55 +01:00
dfd28cbfb4
[Revert] travis tunning as requested by @banks
2018-02-22 08:38:42 +01:00
0ee77a5e02
Merge pull request #3900 from hashicorp/fix-monitor-sigint-3891
...
Fixes #3891 : agent monitor no longer unresponsive before logs stream.
2018-02-21 21:28:33 +00:00
687d29324b
Update CHANGELOG
2018-02-21 13:28:17 -06:00
f8f8a1a65f
Merge pull request #3909 from hashicorp/b-leaderloop-revokeonerror
...
Make sure revokeLeadership is called if establishLeadership errors
2018-02-21 13:23:31 -06:00
77d35f1829
Remove extra newline
2018-02-21 13:21:47 -06:00
573500dc51
Unit test that calls revokeLeadership twice to make sure its idempotent
2018-02-21 12:48:53 -06:00
bd270b02ba
Make sure revokeLeadership is called if establishLeadership errors
2018-02-21 12:33:22 -06:00
Devin Canterberry