Add support for tls PreferServerCipherSuites #4338
Conversation
add further tests for tls configuration
helper/tlsutil/config.go
Outdated
| @@ -107,6 +107,12 @@ type Config struct { | |||
|
|
|||
| // MinVersion contains the minimum SSL/TLS version that is accepted. | |||
| MinVersion uint16 | |||
|
|
|||
| // PreferServerCipherSuites controls whether the server selects the | |||
There was a problem hiding this comment.
Can you move this to be next to cipher suites
| @@ -67,6 +67,9 @@ the [Agent's Gossip and RPC Encryption](/docs/agent/encryption.html). | |||
| - `tls_min_version` - Specifies the minimum supported version of TLS. Accepted | |||
| values are "tls10", "tls11", "tls12". Defaults to TLS 1.2. | |||
|
|
|||
| - tls_prefer_server_cipher_suites - This option will cause Nomad to prefer the | |||
There was a problem hiding this comment.
Put it in code blocks and always start the docs with Specifies.... Here it would be Specifies whether TLS connections should prefer the server's ciphersuite over the client's.
There was a problem hiding this comment.
Add the default value to this, tls_min_version and tls_cipher_suites. For the cipher_suites use: https://www.nomadproject.io/docs/agent/configuration/client.html#servers
There was a problem hiding this comment.
tls_min_version and tls_cipher_suites both specify defaults, but if there is a clearer way to indicate this let me know.
There was a problem hiding this comment.
See how all other fields use the common format of specifying defaults after the parameter name: https://github.com/hashicorp/nomad/pull/4338/files#diff-3b31a52d9f28cef5fa96fb6f8b149907R57
|
I'm going to lock this pull request because it has been closed for 120 days ⏳. This helps our maintainers find and focus on the active contributions. |
add further tests for tls configuration