This PR at https://github.com/gocd/gocd/pull/2236 has been merged and, I believe, will be in the 16.7 release which is due out any day now.
-David On Thu, Jul 28, 2016 at 12:03 PM Jarrett Lee <[email protected]> wrote: > The company I work for has a hard requirement on any traffic that crosses > major network boundaries be encrypted. We have GoCD Servers in special > zones that are accessible to our developers' workstations and GoCD Agents > in every zone, including those that are not accessible to developers' > workstations. This means we have a hard requirement on GoCD Agent to GoCD > Server communication being fully encrypted, but it is not. We do understand > what is being sent by HTTP and agree what it poses little to no risk, but > our policy governing inter-zone communication is non-negotiable. > > Currently we have GoCD Agents communicating with the server by wrapping > the comms in stunnel, which works, but has proven to be fragile. We wish to > remove stunnel to improve stability of the service we are offering the devs. > > How can we get rid of the initial communication that occurs over HTTP > (defaults to 8153) or move that communication to HTTPS? > > This must be possible. Is it already baked into newer versions (we are on > 15.2) and is a simple configuration option? If not, is it on the > development backlog somewhere? If it's not available currently or planned, > why is it not planned? Our investment in keeping stunnel working is > becoming so costly, we have considered contributing code to add this and > other features. > > -- > You received this message because you are subscribed to the Google Groups > "go-cd" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > For more options, visit https://groups.google.com/d/optout. > -- You received this message because you are subscribed to the Google Groups "go-cd" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
