[pve-devel] [PATCH http-server/manager/pmg-api/docs 0/10] expose more TLS knobs

Fabian Grünbichler f.gruenbichler at proxmox.com
Fri Dec 17 13:57:26 CET 2021


this series adds the following options to /etc/default/$proxy, and
corresponding handling in pveproxy/pmgproxy/api-server:

- TLS 1.3 ciphersuites (these are different to < 1.3 cipher lists)
- disable TLS 1.2 / disable TLS 1.3 option (rest are disabled by default
  anyway)
- alternative location for pveproxy-ssl.key outside of /etc/pve (PVE
  only)

while not strictly required, it probably makes sense to add a/bump the
versioned dep from pve-manager/pmg-api to patched
libpve-http-server-perl - nothing should break, but the new options are
only handled if both packages are updated.




More information about the pve-devel mailing list