Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

dnsdist: Add minTLSVersion for DoH and DoH #8207

Merged
merged 3 commits into from Aug 27, 2019

Conversation

@rgacogne
Copy link
Member

commented Aug 16, 2019

Short description

Fixes #8202.

Checklist

I have:

  • read the CONTRIBUTING.md document
  • compiled this code
  • tested this code
  • included documentation (including possible behaviour changes)
  • documented the code
  • added or modified regression test(s)
  • added or modified unit test(s)

@rgacogne rgacogne added this to the dnsdist-1.4.0 milestone Aug 16, 2019

@franklouwers
Copy link
Contributor

left a comment

Does the remark about gnuTLS apply to addDOHLocal() as well? If so, best to document it. I can't directly where the default is being set. I assume there's no minimum (well, I hope we're not trying to do sslv2/sslv3)?

pdns/dnsdistdist/docs/reference/config.rst Outdated Show resolved Hide resolved
@rgacogne

This comment has been minimized.

Copy link
Member Author

commented Aug 16, 2019

Does the remark about gnuTLS apply to addDOHLocal() as well? If so, best to document it.

It does not, DoH only uses OpensSL.

I can't directly where the default is being set. I assume there's no minimum (well, I hope we're not trying to do sslv2/sslv3)?

The default is TLS 1.0+, I'll document that.

rgacogne added 2 commits Aug 16, 2019

@rgacogne rgacogne requested a review from chbruyand Aug 27, 2019

@rgacogne rgacogne merged commit 6147573 into PowerDNS:master Aug 27, 2019

25 of 27 checks passed

LGTM analysis: JavaScript No code changes detected
Details
LGTM analysis: Python No code changes detected
Details
LGTM analysis: C/C++ No new or fixed alerts
Details
ci/circleci: build-auth Your tests passed on CircleCI!
Details
ci/circleci: build-auth-docs Your tests passed on CircleCI!
Details
ci/circleci: build-dnsdist Your tests passed on CircleCI!
Details
ci/circleci: build-dnsdist-docs Your tests passed on CircleCI!
Details
ci/circleci: build-recursor Your tests passed on CircleCI!
Details
ci/circleci: build-recursor-docs Your tests passed on CircleCI!
Details
ci/circleci: test-auth-algorithms Your tests passed on CircleCI!
Details
ci/circleci: test-auth-api Your tests passed on CircleCI!
Details
ci/circleci: test-auth-regress-bind Your tests passed on CircleCI!
Details
ci/circleci: test-auth-regress-gmysql Your tests passed on CircleCI!
Details
ci/circleci: test-auth-regress-gpgsql Your tests passed on CircleCI!
Details
ci/circleci: test-auth-regress-gsqlite3 Your tests passed on CircleCI!
Details
ci/circleci: test-auth-regress-ldap Your tests passed on CircleCI!
Details
ci/circleci: test-auth-regress-lmdb Your tests passed on CircleCI!
Details
ci/circleci: test-auth-regress-mydns Your tests passed on CircleCI!
Details
ci/circleci: test-auth-regress-odbc-mssql Your tests passed on CircleCI!
Details
ci/circleci: test-auth-regress-odbc-sqlite3 Your tests passed on CircleCI!
Details
ci/circleci: test-auth-regress-tinydns Your tests passed on CircleCI!
Details
ci/circleci: test-dnsdist-regression Your tests passed on CircleCI!
Details
ci/circleci: test-ixfrdist-regression Your tests passed on CircleCI!
Details
ci/circleci: test-recursor-api Your tests passed on CircleCI!
Details
ci/circleci: test-recursor-bulk Your tests passed on CircleCI!
Details
ci/circleci: test-recursor-regression Your tests passed on CircleCI!
Details
continuous-integration/travis-ci/pr The Travis CI build passed
Details

@rgacogne rgacogne deleted the rgacogne:dnsdist-tls-version branch Aug 27, 2019

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
3 participants
You can’t perform that action at this time.