Re: [dnsdist] Feature Request?
On 14.08.19 16:38, Remi Gacogne wrote: > It looks like we don't support that explicitly.. You could probably work > something around by tuning the allowed ciphers, but I guess an option to > to select the TLS versions allowed, like ssl_protocols in nginx or > SSLProtocol in Apache HTTPD, would make sense as well. That would be very useful. If I understand the code correctly, dnsdist only falls back on it's hardcoded ciphers etc. when none are set, right? So at least on RHEL/CentOS/Fedora it should pick up the system crypto-policies which can be freely configured. I don't know if there's a similar mechanism for Debian/... Best, Christopher ___ dnsdist mailing list dnsdist@mailman.powerdns.com https://mailman.powerdns.com/mailman/listinfo/dnsdist
Re: [dnsdist] Feature Request?
On 8/14/19 4:21 PM, Brian Sullivan wrote: > We have a requirement to not allow negotiation of TLS version to go > below 1.2. Is there a way to configure TLS so that it will only > negotiate version 1.2 or above? It looks like we don't support that explicitly.. You could probably work something around by tuning the allowed ciphers, but I guess an option to to select the TLS versions allowed, like ssl_protocols in nginx or SSLProtocol in Apache HTTPD, would make sense as well. Best regards, -- Remi Gacogne PowerDNS.COM BV - https://www.powerdns.com/ signature.asc Description: OpenPGP digital signature ___ dnsdist mailing list dnsdist@mailman.powerdns.com https://mailman.powerdns.com/mailman/listinfo/dnsdist
Re: [dnsdist] Feature Request?
Thanks! Before I do that let me make sure it doesn't already exist in some form. We have a requirement to not allow negotiation of TLS version to go below 1.2. Is there a way to configure TLS so that it will only negotiate version 1.2 or above? Regards, brian On Wed, Aug 14, 2019 at 4:20 AM Remi Gacogne wrote: > Hi Brian, > > On 8/13/19 4:49 PM, Brian Sullivan wrote: > > I'd like to know where I should submit a feature request and what that > > process might be? > > The usual process is to open a new feature request on our Github > repository [1], filling the corresponding parts of the template. > It provides the opportunity for other users to chime in and if the > feature makes sense to use it's usually added to the relevant milestone. > > > [1]: https://github.com/PowerDNS/pdns/issues/new > -- > Remi Gacogne > PowerDNS.COM BV - https://www.powerdns.com/ > > ___ > dnsdist mailing list > dnsdist@mailman.powerdns.com > https://mailman.powerdns.com/mailman/listinfo/dnsdist > -- Brian M. Sullivan Senior Staff Security Intelligence Engineer bsulli...@lookout.com | www.lookout.com ___ dnsdist mailing list dnsdist@mailman.powerdns.com https://mailman.powerdns.com/mailman/listinfo/dnsdist
Re: [dnsdist] Feature Request?
Hi Brian, On 8/13/19 4:49 PM, Brian Sullivan wrote: > I'd like to know where I should submit a feature request and what that > process might be? The usual process is to open a new feature request on our Github repository [1], filling the corresponding parts of the template. It provides the opportunity for other users to chime in and if the feature makes sense to use it's usually added to the relevant milestone. [1]: https://github.com/PowerDNS/pdns/issues/new -- Remi Gacogne PowerDNS.COM BV - https://www.powerdns.com/ signature.asc Description: OpenPGP digital signature ___ dnsdist mailing list dnsdist@mailman.powerdns.com https://mailman.powerdns.com/mailman/listinfo/dnsdist
Re: [dnsdist] Feature Request?
Hi, Submitting an issue to https://github.com/PowerDNS/pdns would be a first step. But it does not hurt to discuss the feature here. Maybe there's a solution to your problem possible without a new feature. -Otto On Tue, Aug 13, 2019 at 10:49:59AM -0400, Brian Sullivan wrote: > Hi, > > I'd like to know where I should submit a feature request and what that > process might be? > > Thanks, > brian > > -- > > > > Brian M. Sullivan > Senior Staff Security Intelligence Engineer > bsulli...@lookout.com | www.lookout.com > ___ > dnsdist mailing list > dnsdist@mailman.powerdns.com > https://mailman.powerdns.com/mailman/listinfo/dnsdist ___ dnsdist mailing list dnsdist@mailman.powerdns.com https://mailman.powerdns.com/mailman/listinfo/dnsdist