Ability to set not only ciphers but also TLS version in dnsdist #8202

Closed
franklouwers opened this issue Aug 15, 2019 · 2 comments · Fixed by #8207

Comments

@franklouwers
Contributor

franklouwers commented Aug 15, 2019

  • Program: dnsdist
  • Issue type: Feature request

Short description

In dnsdist, we can specify the TLS ciphers to use when negotiating DoT/DoH connections. We should have a parameter to specify the TLS version as well.

Usecase

Some environments have strict security requirements, and the accepted TLS version is often one of those. There might be other reasons as well (library bugs that only manifest themselves in a certain version, a protocol fault that can be mitigated using a more recent TLS version, ...).

Description

We can already specify the ciphers to use, as an option. It would be good to be able to specify the TLS version as well. Most other TLS-capable software (nginx, apache, mysql, ...) allows you to specify the TLS version and most (all?) current TLS libraries support setting the version.

@andrewhearn

I'd like to see this too (I was just looking in the doc on how to do this).

@franklouwers
Contributor Author

Also came up on the mailing list this week...
