[pve-devel] [PATCH http-server/manager/pmg-api/docs 0/10] expose more TLS knobs

Stoiko Ivanov s.ivanov at proxmox.com
Mon Dec 20 19:01:59 CET 2021


Thanks for the series!

tried each of the option (and verified with `sslscan localhost:8006`)

2 minor cosmetic nits (mentioned as replies to the individual patches)

with and without them LGTM:
Tested-by: Stoiko Ivanov <s.ivanov at proxmox.com>
Reviewed-by: Stoiko Ivanov <s.ivanov at proxmox.com>

On Fri, 17 Dec 2021 13:57:26 +0100
Fabian Grünbichler <f.gruenbichler at proxmox.com> wrote:

> this series adds the following options to /etc/default/$proxy, and
> corresponding handling in pveproxy/pmgproxy/api-server:
> 
> - TLS 1.3 ciphersuites (these are different to < 1.3 cipher lists)
> - disable TLS 1.2 / disable TLS 1.3 option (rest are disabled by default
>   anyway)
> - alternative location for pveproxy-ssl.key outside of /etc/pve (PVE
>   only)
> 
> while not strictly required, it probably makes sense to add a/bump the
> versioned dep from pve-manager/pmg-api to patched
> libpve-http-server-perl - nothing should break, but the new options are
> only handled if both packages are updated.
> 
> 
> _______________________________________________
> pve-devel mailing list
> pve-devel at lists.proxmox.com
> https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
> 
> 






More information about the pve-devel mailing list