[pbs-devel] [PATCH proxmox-backup v3 1/4] config: add tls ciphers to NodeConfig

Dietmar Maurer dietmar at proxmox.com
Mon Jan 10 06:40:15 CET 2022


Why do you use a different naming scheme here?

OPENSSL_CIPHER_LIST_REGEX vs. TLS_CIPHERSUITE_LIST_REGEX

What about the following:

TLS1_2_CIPHERSUITE_LIST_REGEX TLS1_3_CIPHERSUITE_LIST_REGEX

And why do they have different syntax at all??

Also, AFAIK there is no TLS version 2 or version 3 (it's 1.2 and 1.3). So
"ciphers-tls2" and "ciphers-tls3" are a bit misleading.

Apache only has a single config called "SSLCipherSuite". Why do we need 
two different configs?

nginx also uses a single config "ssl_ciphers"


On 1/8/22 08:08, Hannes Laimer wrote:
> diff --git a/pbs-api-types/src/lib.rs b/pbs-api-types/src/lib.rs
> index 0a0dd33d..b4882064 100644
> --- a/pbs-api-types/src/lib.rs
> +++ b/pbs-api-types/src/lib.rs
> @@ -124,6 +124,10 @@ const_regex! {
>   
>       pub FINGERPRINT_SHA256_REGEX = r"^(?:[0-9a-fA-F][0-9a-fA-F])(?::[0-9a-fA-F][0-9a-fA-F]){31}$";
>   
> +    pub OPENSSL_CIPHER_LIST_REGEX = r"^[A-Za-z0-9!\-+=@, :]+$";
> +
> +    pub TLS_CIPHERSUITE_LIST_REGEX = r"^[A-Za-z0-9_:]+$";
> +
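
Review bot: the two added constants, OPENSSL_CIPHER_LIST_REGEX and TLS_CIPHERSUITE_LIST_REGEX, have no doc comment saying which TLS versions each one covers or why their character classes differ, and both patterns only restrict the character set, so a string such as `::` or a misspelled cipher name still matches. Consider documenting each constant at its definition and pairing the regex with a check that the configured string can actually be applied, so a typo is reported when the setting is saved rather than passing schema validation unnoticed.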




