Github user bhardesty commented on a diff in the pull request: https://github.com/apache/qpid-dispatch/pull/224#discussion_r155831204 --- Diff: python/qpid_dispatch/management/qdrouter.json --- @@ -515,7 +515,12 @@ "type": "string", "description": "Specifies the enabled ciphers so the SSL Ciphers can be hardened. In other words, use this field to disable weak ciphers. The ciphers are specified in the format understood by the OpenSSL library. For example, ciphers can be set to ALL:!aNULL:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP; -- The full list of allowed ciphers can be viewed using the openssl ciphers command", "create": true - }, + }, + "protocols": { + "type": "string", + "description": "This list is a space separated string of the allowed TLS protocols. The current possibilities are TLSv1 TLSv1.1 TLSv1.2. For example, if you want to permit only TLS V.1.1 and TLSv1.2, your value for the protocols would be TLSv1.1 TLSv1.2. If this attribute is not set, then all the TLS protocols are allowed.", --- End diff -- A couple notes about the description: I think it's most user-friendly to first define the attribute and then describe the syntax for using it. Something like this: > The TLS protocols that this sslProfile can use. You can specify a list of one or more of TLSv1, TLSv1.1, or TLSv1.2. To specify multiple protocols, separate the protocols with a space. For example, to permit the sslProfile to use TLS v1.1 and TLS v1.2 only, you would set the value to TLSv1.1 TLSv1.2. If you do not specify a value, the sslProfile uses the TLS protocol specified by the system-wide configuration. Instead of "TLSv1", it would be better to make the value "TLSv1.0". That would make it clear that it's referring to the 1.0 version, and not a superset of 1.x. Also, we should define "system-wide configuration" - where would this be defined?
--- --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@qpid.apache.org For additional commands, e-mail: dev-h...@qpid.apache.org