Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

dnsdist: Prefer the cipher suite from the server by default (DoH, DoT) #8526

Merged
merged 1 commit into from Nov 13, 2019

Conversation

@rgacogne
Copy link
Member

rgacogne commented Nov 12, 2019

Short description

This setting should only be set when all ciphers offered by the server are considered secure, and our default suite still has a few options offered for compatibility reasons, which might not be as secure as other alternatives.
Apparently this also causes issue for some clients, even though it should not matter.

Checklist

I have:

  • read the CONTRIBUTING.md document
  • compiled this code
  • tested this code
  • included documentation (including possible behaviour changes)
  • documented the code
  • added or modified regression test(s)
  • added or modified unit test(s)
This setting should only be set when all ciphers offered by the server
are considered secure, and our default suite still has a few options
offered for compatibility reasons, which might not be as secure as
other alternatives.
Apparently this also causes issue for some clients, even though it
should not matter.
@rgacogne rgacogne added the dnsdist label Nov 12, 2019
@rgacogne rgacogne added this to the dnsdist-1.4.0 milestone Nov 12, 2019
@rgacogne rgacogne merged commit 02f6eab into PowerDNS:master Nov 13, 2019
7 checks passed
7 checks passed
LGTM analysis: JavaScript No code changes detected
Details
LGTM analysis: Python No code changes detected
Details
LGTM analysis: C/C++ No new or fixed alerts
Details
ci/circleci: build-dnsdist Your tests passed on CircleCI!
Details
ci/circleci: test-dnsdist-regression Your tests passed on CircleCI!
Details
ci/circleci: test-recursor-regression Your tests passed on CircleCI!
Details
continuous-integration/travis-ci/pr The Travis CI build passed
Details
@rgacogne rgacogne deleted the rgacogne:ddist-prefer-server-order branch Nov 13, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
1 participant
You can’t perform that action at this time.