open-vault

Commit Graph

Author	SHA1	Message	Date
Hamid Ghaf	27bb03bbc0	adding copyright header (#19555 ) * adding copyright header * fix fmt and a test	2023-03-15 09:00:52 -07:00
Jeff Mitchell	4e1470f483	Handpick cluster cipher suites when they're not user-set (#7487 ) * Handpick cluster cipher suites when they're not user-set There is an undocumented way for users to choose cluster cipher suites but for the most part this is to paper over the fact that there are undesirable suites in TLS 1.2. If not explicitly set, have the set of cipher suites for the cluster port come from a hand-picked list; either the allowed TLS 1.3 set (for forwards compatibility) or the three identical ones for TLS 1.2. The 1.2 suites have been supported in Go until at least as far back as Go 1.9 from two years ago. As a result in cases where no specific suites have been chosen this _ought_ to have no compatibility issues. Also includes a useful test script.	2019-10-28 12:51:45 -04:00

Author

SHA1

Message

Date

Hamid Ghaf

27bb03bbc0

adding copyright header (#19555 )

* adding copyright header

* fix fmt and a test

2023-03-15 09:00:52 -07:00

Jeff Mitchell

4e1470f483

Handpick cluster cipher suites when they're not user-set (#7487 )

* Handpick cluster cipher suites when they're not user-set

There is an undocumented way for users to choose cluster cipher suites
but for the most part this is to paper over the fact that there are
undesirable suites in TLS 1.2.

If not explicitly set, have the set of cipher suites for the cluster
port come from a hand-picked list; either the allowed TLS 1.3 set (for
forwards compatibility) or the three identical ones for TLS 1.2.

The 1.2 suites have been supported in Go until at least as far back as
Go 1.9 from two years ago. As a result in cases where no specific suites
have been chosen this _ought_ to have no compatibility issues.

Also includes a useful test script.

2019-10-28 12:51:45 -04:00

2 Commits