Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

dnsdist: Add minTLSVersion for DoH and DoH #8207

Merged
merged 3 commits into from
Aug 27, 2019

Conversation

rgacogne
Copy link
Member

Short description

Fixes #8202.

Checklist

I have:

  • read the CONTRIBUTING.md document
  • compiled this code
  • tested this code
  • included documentation (including possible behaviour changes)
  • documented the code
  • added or modified regression test(s)
  • added or modified unit test(s)

Copy link
Contributor

@franklouwers franklouwers left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Does the remark about gnuTLS apply to addDOHLocal() as well? If so, best to document it. I can't directly where the default is being set. I assume there's no minimum (well, I hope we're not trying to do sslv2/sslv3)?

pdns/dnsdistdist/docs/reference/config.rst Outdated Show resolved Hide resolved
@rgacogne
Copy link
Member Author

rgacogne commented Aug 16, 2019

Does the remark about gnuTLS apply to addDOHLocal() as well? If so, best to document it.

It does not, DoH only uses OpensSL.

I can't directly where the default is being set. I assume there's no minimum (well, I hope we're not trying to do sslv2/sslv3)?

The default is TLS 1.0+, I'll document that.

@rgacogne rgacogne merged commit 6147573 into PowerDNS:master Aug 27, 2019
@rgacogne rgacogne deleted the dnsdist-tls-version branch August 27, 2019 13:08
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Ability to set not only ciphers but also TLS version in dnsdist
3 participants