[pve-devel] applied: [PATCH http-server v2] fix #4859: properly configure TLSv1.3 only mode
Thomas Lamprecht
t.lamprecht at proxmox.com
Thu Jul 20 17:20:58 CEST 2023
On 19/07/2023 11:15, Fabian Grünbichler wrote:
> set_min/max_proto_version is recommended upstream nowadays, and it seems to be
> required for some reason if *only* TLS v1.3 is supposed to be enabled.
>
> querying via get_options gives us the union of
> - system-wide openssl defaults
> - our internal SSL defaults
> - flags configured by the user via /etc/default/pveproxy
>
> note that by default only 1.2 and 1.3 are enabled in the first place, so
> disabling either leaves a single version being set as min and max.
>
> Signed-off-by: Fabian Grünbichler <f.gruenbichler at proxmox.com>
> ---
> use `&Net::..` instead of `Net::..` for the constants, else spiceproxy chokes
> on the usage. either variant seems to work for pveproxy.. ?
>
> src/PVE/APIServer/AnyEvent.pm | 17 +++++++++++++++++
> 1 file changed, 17 insertions(+)
>
>
applied, thanks!
More information about the pve-devel
mailing list