Skip to content
This repository has been archived by the owner on Nov 30, 2021. It is now read-only.

feat(router): read list of preferred ciphers #3873

Merged
merged 1 commit into from Jun 18, 2015

Conversation

wenzowski
Copy link
Contributor

This allows a custom ordered ciphersuite list to be used. For recommendations, read Mozilla's guide to Server Side TLS

One might use their modern compatibility list like so:

deisctl config router set sslCiphers='ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK'

noting the single quotes on sslCiphers='...'

@wenzowski wenzowski changed the title feature(router): read list of preferred ciphers feat(router): read list of preferred ciphers Jun 16, 2015
@wenzowski
Copy link
Contributor Author

CI rerun? Failed on database init.

@mboersma
Copy link
Member

I'll run CI again on this. We usually get around to doing that when it hiccups. Sorry about the random failure. 😊

@carmstrong
Copy link
Contributor

Code LGTM.

@wenzowski
Copy link
Contributor Author

Thanks @mboersma

@mboersma
Copy link
Member

Code LGTM.

@carmstrong
Copy link
Contributor

You're on a roll, @wenzowski! Want a job? ;)

carmstrong added a commit that referenced this pull request Jun 18, 2015
feat(router): read list of preferred ciphers
@carmstrong carmstrong merged commit fc8d2a6 into deis:master Jun 18, 2015
@mboersma mboersma modified the milestone: v1.8 Jun 19, 2015
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

None yet

3 participants