sensu / sensu-go

Simple. Scalable. Multi-cloud monitoring.
https://sensu.io
MIT License

Add --api-cipher-suites option to sensu-backend #2953

Open echlebek opened 5 years ago

echlebek commented 5 years ago

Spec

Add configuration to sensu-backend that allows users to specify a comma-separated list of cipher suites for the backend's API server (the server that sensuctl connects to).

If the option is not specified, the server should use the default ciphers that are configured in https://github.com/sensu/sensu-go/blob/master/api/core/v2/tls.go.

Testing

Test the service with https://github.com/drwetter/testssl.sh with a known-good and a known-bad set of ciphers to ensure that the feature is working as expected.
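
One way the flag value described in the spec could be validated before it reaches `tls.Config.CipherSuites`, as an added example that is not sensu-go's code. The function name `parseCipherSuites`, the choice to reject suites on Go's insecure list, and the `defaults` argument (a constructed stand-in for the list in `tls.go`) are assumptions.

```go
package main

import (
	"crypto/tls"
	"fmt"
	"strings"
)

// parseCipherSuites turns the value of the proposed --api-cipher-suites flag
// into IDs for tls.Config.CipherSuites. An empty value selects the defaults.
func parseCipherSuites(value string, defaults []uint16) ([]uint16, error) {
	if strings.TrimSpace(value) == "" {
		return defaults, nil
	}
	secure := map[string]*tls.CipherSuite{}
	for _, cs := range tls.CipherSuites() {
		secure[cs.Name] = cs
	}
	insecure := map[string]bool{}
	for _, cs := range tls.InsecureCipherSuites() {
		insecure[cs.Name] = true
	}
	var ids []uint16
	seen := map[uint16]bool{} // drop duplicates, keep the operator's order
	for _, name := range strings.Split(value, ",") {
		name = strings.TrimSpace(name)
		cs, ok := secure[name]
		switch {
		case insecure[name]: // assumption: refuse rather than warn
			return nil, fmt.Errorf("cipher suite %q is on Go's insecure list", name)
		case !ok: // typos and empty entries fail closed
			return nil, fmt.Errorf("unknown cipher suite %q", name)
		case len(cs.SupportedVersions) == 1 && cs.SupportedVersions[0] == tls.VersionTLS13:
			return nil, fmt.Errorf("%q is a TLS 1.3 suite; Go does not make those configurable", name)
		}
		if !seen[cs.ID] {
			seen[cs.ID] = true
			ids = append(ids, cs.ID)
		}
	}
	return ids, nil
}

func main() {
	// Constructed stand-in for the backend's built-in default list.
	defaults := []uint16{tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384}
	ids, err := parseCipherSuites("TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", defaults)
	fmt.Println(ids, err)
}
```

Go applies `CipherSuites` only to TLS 1.0 through 1.2, so unless TLS 1.3 is disabled on the listener, a testssl.sh run will still report the TLS 1.3 suites whatever list is configured.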

RamblingCookieMonster commented 5 years ago

Ahh, this is a thing. As is, the hard-coded list does not support Windows Server 2012 R2. Not that I advocate supporting that, and secure by default is good, but allowing folks to specify the cipher suites to allow would be nice : )