On 14.08.19 16:38, Remi Gacogne wrote: > It looks like we don't support that explicitly.. You could probably work > something around by tuning the allowed ciphers, but I guess an option to > to select the TLS versions allowed, like ssl_protocols in nginx or > SSLProtocol in Apache HTTPD, would make sense as well.
That would be very useful. If I understand the code correctly, dnsdist only falls back on it's hardcoded ciphers etc. when none are set, right? So at least on RHEL/CentOS/Fedora it should pick up the system crypto-policies which can be freely configured. I don't know if there's a similar mechanism for Debian/... Best, Christopher _______________________________________________ dnsdist mailing list email@example.com https://mailman.powerdns.com/mailman/listinfo/dnsdist