[pbs-devel] [PATCH proxmox-backup v3 1/4] config: add tls ciphers to NodeConfig
Dietmar Maurer
dietmar at proxmox.com
Mon Jan 10 06:40:15 CET 2022
Why do you use a different naming scheme here?
OPENSSL_CIPHER_LIST_REGEX vs. TLS_CIPHERSUITE_LIST_REGEX
What about the following:
TLS1_2_CIPHERSUITE_LIST_REGEX TLS1_3_CIPHERSUITE_LIST_REGEX
And why do the have different syntax at all??
Also, AFAIK there is no TLS version 2 or version 3 (its 1.2 and 1.3). So
"ciphers-tls2" and "ciphers-tls3" are a bit misleading.
Apache only has a single config called "SSLCipherSuite". Why do we need
two different configs?
nginx also use a single config "ssl_ciphers"
On 1/8/22 08:08, Hannes Laimer wrote:
> diff --git a/pbs-api-types/src/lib.rs b/pbs-api-types/src/lib.rs
> index 0a0dd33d..b4882064 100644
> --- a/pbs-api-types/src/lib.rs
> +++ b/pbs-api-types/src/lib.rs
> @@ -124,6 +124,10 @@ const_regex! {
>
> pub FINGERPRINT_SHA256_REGEX = r"^(?:[0-9a-fA-F][0-9a-fA-F])(?::[0-9a-fA-F][0-9a-fA-F]){31}$";
>
> + pub OPENSSL_CIPHER_LIST_REGEX = r"^[A-Za-z0-9!\-+=@, :]+$";
> +
> + pub TLS_CIPHERSUITE_LIST_REGEX = r"^[A-Za-z0-9_:]+$";
> +
More information about the pbs-devel
mailing list