ZSS HTTPS ciphers are not user customizable #484

Closed
1000TurquoisePogs opened this issue Jun 24, 2022 · 6 comments
Labels
stale-reopen-if-needed An issue closed due to inactivity. No indication of completion or validity.

Comments

@1000TurquoisePogs
Member

It appears the ZSS ciphers are a default list which gets maintained but is not something the user can customize.
https://github.com/zowe/zss/blob/f397363b33aa0d2e0c31201d0b2047a0750e148b/c/zss.c#L1202=

It looks like other https parameters are customized within agent.https, and so just allowing customization via agent.https.ciphers sounds good.

@1000TurquoisePogs
Member Author

1000TurquoisePogs commented Jun 24, 2022

Since the current list is:
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

If you wanted to set that via config, it looks like they resolve to strings https://github.com/zowe/zowe-common-c/blob/3dc9ce9855a29587618a4a37e058746bac24c5c7/h/tls.h#L40=
ciphers=009E009FC02BC02CC02FC030

@1000TurquoisePogs
Member Author

1000TurquoisePogs commented Jun 29, 2022

https://testssl.sh/openssl-iana.mapping.html lists the openssl and iana names of ciphers.
I suggest rather than doing

agent.https.ciphers=009E009FC02BC02CC02FC030

It would be good to have a mapping between the ints and names so that people can do

agent.https.ciphers=TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

For example.
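
The name-to-code mapping proposed in the comment above, sketched as an added example (not part of the original thread and not ZSS's implementation). The function name `cipher_names_to_hex` is hypothetical; the table holds only the six suites listed in this issue, with their IANA code points.

```c
#include <stdio.h>
#include <string.h>

/* IANA cipher-suite names and their 4-hex-digit code points, limited to the
   six suites listed in this issue. */
static const struct { const char *name; const char *hex; } SUITES[] = {
  { "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256",     "009E" },
  { "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384",     "009F" },
  { "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", "C02B" },
  { "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", "C02C" },
  { "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",   "C02F" },
  { "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",   "C030" },
};
#define NSUITES (sizeof SUITES / sizeof SUITES[0])

/* Hypothetical helper: turn a comma-separated list of IANA names into the
   concatenated hex string. Returns the number of suites written, or -1 on an
   unknown name, an empty entry, or too little output space. It fails closed,
   so a typo cannot silently shrink or alter the configured list. */
int cipher_names_to_hex(const char *names, char *out, size_t outlen) {
  size_t used = 0;
  int count = 0;
  if (outlen == 0) return -1;
  out[0] = '\0';
  for (;;) {
    size_t len = strcspn(names, ","), i;
    for (i = 0; i < NSUITES; i++)
      if (strlen(SUITES[i].name) == len &&
          memcmp(SUITES[i].name, names, len) == 0) break;
    if (i == NSUITES || used + 4 >= outlen) { out[0] = '\0'; return -1; }
    memcpy(out + used, SUITES[i].hex, 4);
    used += 4; out[used] = '\0'; count++;
    if (names[len] == '\0') return count;
    names += len + 1;   /* skip the comma and parse the next name */
  }
}

int main(void) {
  char buf[64];
  int n = cipher_names_to_hex("TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,"
                              "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
                              buf, sizeof buf);
  printf("%d suites -> %s\n", n, buf);
  return 0;
}
```

Rejecting the whole list on any unrecognized name keeps a misspelled entry from producing a cipher set other than the one the operator intended.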

@github-actions

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs, but can be reopened if needed. Thank you for your contributions.

@github-actions github-actions bot added the stale-reopen-if-needed label Dec 26, 2022
@github-actions

This issue has been automatically closed due to lack of activity. If this issue is still valid and important to you, it can be reopened.

@github-actions github-actions bot removed the stale-reopen-if-needed label Jul 11, 2023

github-actions bot commented Jan 7, 2024

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs, but can be reopened if needed. Thank you for your contributions.

@github-actions github-actions bot added the stale-reopen-if-needed label Jan 7, 2024
@1000TurquoisePogs
Member Author

Implemented in v2.13.0
