Allow specifying haproxy SSL Cipher list #14505
Merged
Commits on Jun 6, 2017
-
From https://wiki.mozilla.org/Security/Server_Side_TLS update the three cipher suites: # Modern cipher suite (no legacy browser support) - not currently used # Intermediate cipher suite (default) - currently used # Old cipher suite (maximum compatibility but insecure) - not currently used
Commits on Jun 9, 2017
-
Allow specifying haproxy SSL Cipher list
The user can select from among 3 predefined cipher lists: modern, intermediate, or old. Alternatively the use may provide a custom cipher list see "man 1 ciphers". The list is used to negotiate a cipher between a user and haproxyi during bind. The predefined lists are from: https://wiki.mozilla.org/Security/Server_Side_TLS A new option to "oc adm router", --ciphers, is added to specify the cipher list. The values are modern|intermediate|old, or a ":" separated list of ciphers from "man 1 ciphers" Option --ciphers creates an environmen variable, ROUTER_CIPHERS, which is passed to the router pod. See https://trello.com/c/oeP7vrTZ
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.