Public bug reported: lxd uses a very restrictive set of ciphers¹ with a stated goal of enforcing PFS. While this is admirable when it comes to communication between the lxc client and lxd servers, it's unreasonable to enforce that same reduced cipher list when talking to proxies. Proxies are very often outside of the control of the lxd user and it's perfectly reasonable to not care about PFS between me and where I get my images from. Please be more pragmatic about this and allow the user to configure a broader range of accepted ciphers for the purpose of talking to proxies.
-- ¹ https://github.com/lxc/lxd/blob/master/shared/network.go#L53 ** Affects: lxd (Ubuntu) Importance: Undecided Status: New ** Summary changed: - lxd is too restrict about ciphers when it comes to proxies + lxd is too restrictive about ciphers when it comes to proxies -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1797440 Title: lxd is too restrictive about ciphers when it comes to proxies To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/lxd/+bug/1797440/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
