Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Ability to set not only ciphers but also TLS version in dnsdist #8202

Closed
franklouwers opened this issue Aug 15, 2019 · 2 comments · Fixed by #8207

Comments

@franklouwers
Copy link
Contributor

commented Aug 15, 2019

  • Program: dnsdist
  • Issue type /Feature request

Short description

In dnsdist, we can specify the TLS Ciphers to use when negotiating DoT/DoH connections. We should have a parameter to specify the TLS version as well

Usecase

Some environments have strict security requirements, and the accepted TLS version is often one of those. There might be other reasons as well (library bugs that only manifest themselves in a certain version, a protocol fault that can be mitigated using a more recent TLS version ...

Description

We can already specify the ciphers to use, as an option. It would be good to be able to specify the TLS version as well. Most other TLS-capable software (nginx, apache, mysql, ...) allow you to specify the TLS version and most (all?) current TLS libraries support setting the version.

@andrewhearn

This comment has been minimized.

Copy link

commented Aug 15, 2019

I'd like to see this too (I was just looking in the doc on how to do this).

@franklouwers

This comment has been minimized.

Copy link
Contributor Author

commented Aug 15, 2019

Also came up on the mailing list this week...

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
3 participants
You can’t perform that action at this time.