Open ammnt opened 4 years ago
I reckon you'd like to configure the minimum TLS version as well?
@ameshkov, I think using the default maximum TLS version is sufficient. But control of cipher types will not interfere.
Well, cipher suites and TLS versions are connected. ECDH+AESGCM:EECDH+CHACHA20 simply aren't available if you disable TLS 1.2 and older versions.
@ameshkov, yeah, I know. It may make sense to use predefined combinations of TLS versions and cipher types.
@ameshkov, I have an alternative solution in the context of this task. In order not to make this difficult, I suggest completely disabling TLS 1.0 and TLS 1.1 (or even later...) support for encrypted protocols and upstream servers, or making it optional via yaml. Then we can be sure that vulnerable versions of protocols are not used. What do you think? 🤔
Hmm, it is possible that we have already done this, could you please check it?
Yeah, no support of TLS 1.0 and 1.1 for encrypted protocols. But I don't know how to test this for upstream-servers🙄
I checked the source code and we do set min version to TLS 1.2.
@ameshkov, awesome!😙
Hello,
I would like to be able to control the cipher types for DoT. For example, I would like to use only these cipher types: ECDH+AESGCM:EECDH+CHACHA20.
It would be great to have an appropriate flag entry field for this or something like this.
Thank you.
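The policy discussed in this thread (a TLS 1.2 floor plus an ECDHE-only AES-GCM/ChaCha20 suite list), as an added Go example that is not code from the project or from any participant. The function names are hypothetical, the mapping of `ECDH+AESGCM:EECDH+CHACHA20` onto Go suite names is an assumption, and the check runs against a loopback `httptest` server with its built-in test certificate.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

// allowedSuites: assumed Go (TLS 1.2) equivalents of ECDH+AESGCM:EECDH+CHACHA20.
func allowedSuites() []uint16 {
	var ids []uint16
	for _, s := range tls.CipherSuites() {
		if strings.HasPrefix(s.Name, "TLS_ECDHE_") &&
			(strings.Contains(s.Name, "_GCM_") || strings.Contains(s.Name, "CHACHA20")) {
			ids = append(ids, s.ID)
		}
	}
	return ids
}

// serverConfig sets the TLS 1.2 floor; Go ignores CipherSuites for TLS 1.3.
func serverConfig() *tls.Config {
	return &tls.Config{MinVersion: tls.VersionTLS12, CipherSuites: allowedSuites()}
}

// probe handshakes with a loopback server (client limited to lo..hi); returns the suite name.
func probe(lo, hi uint16) (string, error) {
	srv := httptest.NewUnstartedServer(http.NotFoundHandler())
	srv.TLS = serverConfig()
	srv.StartTLS() // httptest supplies its built-in test certificate
	defer srv.Close()
	pool := x509.NewCertPool()
	pool.AddCert(srv.Certificate())
	conn, err := tls.Dial("tcp", srv.Listener.Addr().String(),
		&tls.Config{RootCAs: pool, MinVersion: lo, MaxVersion: hi})
	if err != nil {
		return "", err
	}
	defer conn.Close()
	return tls.CipherSuiteName(conn.ConnectionState().CipherSuite), nil
}

func main() {
	fmt.Println(probe(tls.VersionTLS10, tls.VersionTLS11)) // expect an error
	fmt.Println(probe(tls.VersionTLS12, tls.VersionTLS12))
}
```

The same client-side probe, pointed at a server you operate, shows whether it still accepts a TLS 1.0/1.1 handshake.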