Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

dnsdist: Prefer the cipher suite from the server by default (DoH, DoT) #8526

Merged
merged 1 commit into from Nov 13, 2019

Conversation

rgacogne
Copy link
Member

@rgacogne rgacogne commented Nov 12, 2019

Short description

This setting should only be set when all ciphers offered by the server are considered secure, and our default suite still has a few options offered for compatibility reasons, which might not be as secure as other alternatives.
Apparently this also causes issue for some clients, even though it should not matter.

Checklist

I have:

  • read the CONTRIBUTING.md document
  • compiled this code
  • tested this code
  • included documentation (including possible behaviour changes)
  • documented the code
  • added or modified regression test(s)
  • added or modified unit test(s)

This setting should only be set when all ciphers offered by the server
are considered secure, and our default suite still has a few options
offered for compatibility reasons, which might not be as secure as
other alternatives.
Apparently this also causes issue for some clients, even though it
should not matter.
@rgacogne rgacogne added this to the dnsdist-1.4.0 milestone Nov 12, 2019
@rgacogne rgacogne merged commit 02f6eab into PowerDNS:master Nov 13, 2019
7 checks passed
@rgacogne rgacogne deleted the ddist-prefer-server-order branch Nov 13, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

Successfully merging this pull request may close these issues.

None yet

1 participant