Explicitly setting protocols and ciphers for TLS profiles

[adibrastegarnia]

Based on this scheme

skupper-router/python/skupper_router/management/skrouter.json

Line 679 in b46f834

"protocols": {

,
It appears that setting TLS profiles and ciphers is achievable by creating ConfigMaps using a custom client that specifies these attributes. My question is whether these settings will be effective and if there are any potential side effects to be aware of?

[kgiusti]

Hi - the router will use the protocols (and ciphers) values when configuring TLS connections, so yes that should work. Couple of things to be aware of:

• the router reads its configuration at startup, so you'll need to restart the router after you modify the config
• the router passes these values down to the openssl library, so the values need to be available in the version of openssl the router has been linked to.
• I believe the router control plane won't overwrite these values - let us know otherwise so we can fix it.

I'm interested in your use-case: are you trying to support legacy clients/server that use older TLS protocols/cyphers?

[ganeshmurthy]

@adibrastegarnia , was your question answered ? Can I close this issue ?

[adibrastegarnia]

@adibrastegarnia , was your question answered ? Can I close this issue ?

Yes. Thanks