Closed
Description
- Program: dnsdist
- Issue type: Feature request
Short description
In dnsdist, we can specify the TLS ciphers to use when negotiating DoT/DoH connections. We should have a parameter to specify the TLS version as well.
Usecase
Some environments have strict security requirements, and the accepted TLS version is often one of those. There might be other reasons as well (library bugs that only manifest themselves in a certain version, a protocol fault that can be mitigated using a more recent TLS version, ...).
Description
We can already specify the ciphers to use, as an option. It would be good to be able to specify the TLS version as well. Most other TLS-capable software (nginx, apache, mysql, ...) allows you to specify the TLS version and most (all?) current TLS libraries support setting the version.