TechDawg
commented
3 years ago Hi, I'm wondering if there are any plans for this update?
We're really keen to update our telegraf version but are not able to without losing the TLS encryption functionalities of the gNMI input plugin. Happy to help with any diagnostics on Nokia devices if required.
Another issue raised suggest the same errors when the Juniper telemetry plugin authenticates - /issues/8699
Proposal: Implement Advanced TLS configuration support for client type input plugin GNMI input (and all plugins) permitting TLS cipher suites/versions to be specified at the client-side.
Current behavior: Currently, it is only possible to specify tls_cipher_suites/tls_versions on server type input plugins. I believe the current behavior for client type plugins defaults to a specific TLS cipher suite supported by the running version of golang.
Desired behavior: Allow tls_cipher_suites and tls_min/max_version to be specified in configuration files for client-type input plugins...
Use case: Implementing this would allow users to choose which TLS cipher suites and versions should be used for a given gRPC connection providing a higher level of security/control/compatibility. I assume this would share the same benefits if also implemented with other client type input plugins in addition to GNMI input.