zowe / docs-site

Documentation for the Zowe project
https://docs.zowe.org/
Creative Commons Attribution 4.0 International

Document default ciphers used by Zowe #3896

Open zFernand0 opened 1 month ago

zFernand0 commented 1 month ago

Description

We should document all default ciphers used/supported by Zowe. Having it in a central location will be ideal.

Pages to Update

https://docs.zowe.org/stable/user-guide/api-mediation/configuration-at-tls/#ciphers

https://docs.zowe.org/stable/user-guide/mvd-configuration#defining-the-at-tls-rule

1000TurquoisePogs commented 1 month ago

Those two pages are for AT-TLS, which is not the only TLS used, nor default. Default (native) TLS of Zowe servers (should & probably) is identical across the board since we follow security alerts to always have the most modern list.

One place you can see the list is here https://github.com/zowe/zlux-server-framework/blob/v2.x/staging/lib/unp-constants.js#L293-L307

When using AT-TLS, the user decides the ciphers. We can only recommend. However, our recommendation should closely follow https://wiki.mozilla.org/Security/Server_Side_TLS as this is a regularly updated and respected resource.