From: Stoiko Ivanov <s.ivanov@proxmox.com>
To: "Fabian Grünbichler" <f.gruenbichler@proxmox.com>
Cc: Proxmox VE development discussion <pve-devel@lists.proxmox.com>
Subject: Re: [pve-devel] [PATCH http-server/manager/pmg-api/docs 0/10] expose more TLS knobs
Date: Mon, 20 Dec 2021 19:01:59 +0100 [thread overview]
Message-ID: <20211220190159.2fba4281@rosa.proxmox.com> (raw)
In-Reply-To: <20211217125733.548305-1-f.gruenbichler@proxmox.com>
Thanks for the series!
tried each of the option (and verified with `sslscan localhost:8006`)
2 minor cosmetic nits (mentioned as replies to the individual patches)
with and without them LGTM:
Tested-by: Stoiko Ivanov <s.ivanov@proxmox.com>
Reviewed-by: Stoiko Ivanov <s.ivanov@proxmox.com>
On Fri, 17 Dec 2021 13:57:26 +0100
Fabian Grünbichler <f.gruenbichler@proxmox.com> wrote:
> this series adds the following options to /etc/default/$proxy, and
> corresponding handling in pveproxy/pmgproxy/api-server:
>
> - TLS 1.3 ciphersuites (these are different to < 1.3 cipher lists)
> - disable TLS 1.2 / disable TLS 1.3 option (rest are disabled by default
> anyway)
> - alternative location for pveproxy-ssl.key outside of /etc/pve (PVE
> only)
>
> while not strictly required, it probably makes sense to add a/bump the
> versioned dep from pve-manager/pmg-api to patched
> libpve-http-server-perl - nothing should break, but the new options are
> only handled if both packages are updated.
>
>
> _______________________________________________
> pve-devel mailing list
> pve-devel@lists.proxmox.com
> https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
>
>
next prev parent reply other threads:[~2021-12-20 18:02 UTC|newest]
Thread overview: 19+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-12-17 12:57 Fabian Grünbichler
2021-12-17 12:57 ` [pve-devel] [PATCH http-server 1/3] fix #3790: allow setting TLS 1.3 cipher suites Fabian Grünbichler
2021-12-20 17:57 ` Stoiko Ivanov
2021-12-17 12:57 ` [pve-devel] [PATCH http-server 2/3] fix #3745: allow overriding TLS key location Fabian Grünbichler
2021-12-17 12:57 ` [pve-devel] [PATCH http-server 3/3] fix #3789: allow disabling TLS v1.2/v1.3 Fabian Grünbichler
2021-12-17 12:57 ` [pve-devel] [PATCH manager 1/3] fix #3790: pass TLS 1.3 ciphersuites if set Fabian Grünbichler
2021-12-17 12:57 ` [pve-devel] [PATCH manager 2/3] fix #3745: handle overridden TLS key location Fabian Grünbichler
2021-12-17 12:57 ` [pve-devel] [PATCH manager 3/3] fix #3789: pass disable TLS 1.2/1.3 options Fabian Grünbichler
2021-12-17 12:57 ` [pve-devel] [PATCH docs] pveproxy: document newly added options Fabian Grünbichler
2021-12-20 18:00 ` Stoiko Ivanov
2022-01-13 16:22 ` [pve-devel] applied: " Thomas Lamprecht
2021-12-17 13:00 ` [pmg-devel] [PATCH pmg-api 1/2] pass TLS 1.3 ciphersuites if set Fabian Grünbichler
2021-12-17 13:00 ` [pmg-devel] [PATCH pmg-api 2/2] pass disable TLS 1.2/1.3 options Fabian Grünbichler
2022-02-03 10:32 ` [pmg-devel] applied: " Thomas Lamprecht
2021-12-17 13:00 ` [pmg-devel] [PATCH pmg-docs] pmgproxy: document newly added options Fabian Grünbichler
2022-02-03 10:32 ` [pmg-devel] applied: " Thomas Lamprecht
2022-02-03 10:32 ` [pmg-devel] applied: [PATCH pmg-api 1/2] pass TLS 1.3 ciphersuites if set Thomas Lamprecht
2021-12-20 18:01 ` Stoiko Ivanov [this message]
2022-01-13 12:36 ` [pve-devel] partially-applied-series: [PATCH http-server/manager/pmg-api/docs 0/10] expose more TLS knobs Thomas Lamprecht
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20211220190159.2fba4281@rosa.proxmox.com \
--to=s.ivanov@proxmox.com \
--cc=f.gruenbichler@proxmox.com \
--cc=pve-devel@lists.proxmox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.
Service provided by Proxmox Server Solutions GmbH | Privacy | Legal