Allow configuration of TLS mozilla acceptor settings

jszwedko commented 2 years ago

A note for the community

Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
If you are interested in working on this issue or have submitted a pull request, please leave a comment

Use Cases

Currently our TLS acceptors use mozilla_intermediate to set the acceptor settings. This doesn't allow TLS 1.3.

Attempted Solutions

No response

Proposal

Allow configuration of which set of Mozilla settings to use for TLS acceptors.

mozilla_intermediate_v5
mozilla_modern_v5
mozilla_intermediate (current)
mozilla_modern

References

https://github.com/vectordotdev/vector/issues/11959

Version

vector 0.24.1

gaby commented 1 year ago

@jszwedko Any news on this? This is a huge door for vulnerabilities for exposed Vector instances.

I tried changing the defaultnin #17191 but was it closed.

jszwedko commented 1 year ago

@jszwedko Any news on this? This is a huge door for vulnerabilities for exposed Vector instances.

I tried changing the defaultnin #17191 but was it closed.

Unfortunately not yet. We are still very much open to this change; we just want to have it be configurable.

vectordotdev / vector