Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add support to specify cipher-list in management_security model #1973

Closed
1 task done
UchihaItachiSama opened this issue Aug 3, 2022 · 0 comments · Fixed by #2000
Closed
1 task done

Add support to specify cipher-list in management_security model #1973

UchihaItachiSama opened this issue Aug 3, 2022 · 0 comments · Fixed by #2000
Labels
type: enhancement New feature or request

Comments

@UchihaItachiSama
Copy link
Contributor

Enhancement summary

Add support to specify the cipher-list in management_security data model in eos_cli_config_gen

management security
   ssl profile eAPI
      cipher-list ECDHE-RSA-AES256-GCM-SHA384
      certificate eAPI.crt key eAPI.key

https://avd.sh/en/stable/roles/eos_cli_config_gen/index.html#management-security

Which component of AVD is impacted

eos_cli_config_gen

Use case example

This is currently required when using python 3.10 for enabling strong ciphers on EOS side to avoid SSLV3_ALERT_HANDSHAKE_FAILURE error when connecting via eAPI.

Describe the solution you would like

management_security:
  entropy_source: < entropy_source >
  password:
    minimum_length: < 1-32 >
    encryption_key_common: < true | false >
    encryption_reversible: < aes-256-gcm >
  ssl_profiles:
    - name: <ssl_profile_1>
      tls_versions: < list of allowed tls versions as string >
      cipher-list: < valid-cipher-string >        <-------- New addition
      certificate:
        file: < certificate filename >
        key: < key filename >
    - name: <ssl_profile_2>
      tls_versions: < list of allowed tls versions as string >

Describe alternatives you have considered

since there is no eos_cli available under management_security data model, I have to eos_cli to render full management security config under root level.

Additional context

No response

Contributing Guide

  • I agree to follow this project's Code of Conduct
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
type: enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Feat(eos_cli_config_gen): add support for SSL profile cipher-list gmuloc/avd
1 participant
@UchihaItachiSama