You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Is your feature request related to a problem? Please describe.
Puma currently has the ssl_cipher_filter or ssl_cipher_list options to specify allowed SSL ciphers. These options seem to only be passed through to OpenSSL's SSL_CTX_set_cipher_list function, which sets ciphers for TLS1.2 and below. https://www.openssl.org/docs/manmaster/man3/SSL_CTX_set_cipher_list.html
There is no way to restrict cipher suites Puma uses for TLS1.3 connections, it always uses the OpenSSL defaults.
Describe the solution you'd like
A new Puma option to pass cipher suites to OpenSSL's SSL_CTX_set_ciphersuites function, which is used to configure TLS1.3 cipher suites.
Describe alternatives you've considered
Potentially the existing options could be used to pass the same cipher config to SSL_CTX_set_ciphersuites, but it's probably preferable to separate them.
The text was updated successfully, but these errors were encountered:
Is your feature request related to a problem? Please describe.
Puma currently has the
ssl_cipher_filter
orssl_cipher_list
options to specify allowed SSL ciphers. These options seem to only be passed through to OpenSSL's SSL_CTX_set_cipher_list function, which sets ciphers for TLS1.2 and below. https://www.openssl.org/docs/manmaster/man3/SSL_CTX_set_cipher_list.htmlThere is no way to restrict cipher suites Puma uses for TLS1.3 connections, it always uses the OpenSSL defaults.
Describe the solution you'd like
A new Puma option to pass cipher suites to OpenSSL's SSL_CTX_set_ciphersuites function, which is used to configure TLS1.3 cipher suites.
Describe alternatives you've considered
Potentially the existing options could be used to pass the same cipher config to SSL_CTX_set_ciphersuites, but it's probably preferable to separate them.
The text was updated successfully, but these errors were encountered: