[Bugs] [Bug 1247152] SSL improvements: ECDH, DH, CRL, and accessible options
bugzilla at redhat.com
bugzilla at redhat.com
Wed Aug 5 11:51:46 UTC 2015
https://bugzilla.redhat.com/show_bug.cgi?id=1247152
--- Comment #4 from Anand Avati <aavati at redhat.com> ---
COMMIT: http://review.gluster.org/11735 committed in master by Kaleb KEITHLEY
(kkeithle at redhat.com)
------
commit 28fc199d5dc92a69eb2b899bbea23548dc14a39b
Author: Emmanuel Dreyfus <manu at netbsd.org>
Date: Thu Jul 30 13:54:51 2015 +0200
SSL improvements: ECDH, DH, CRL, and accessible options
- Introduce ssl.dh-param option to specify a file containinf DH parameters.
If it is provided, EDH ciphers are available.
- Introduce ssl.ec-curve option to specify an elliptic curve name. If
unspecified, ECDH ciphers are available using the prime256v1 curve.
- Introduce ssl.crl-path option to specify the directory where the
CRL hash file can be found. Setting to NULL disable CRL checking,
just like the default.
- Make all ssl.* options accessible through gluster volume set.
- In default cipher list, exclude weak ciphers instead of listing
the strong ones.
- Enforce server cipher preference.
- introduce RPC_SET_OPT macro to factor repetitive code in
glusterd-volgen.c
- Add ssl-ciphers.t test to check all the features touched by this change.
Change-Id: I7bfd433df6bbf176f4a58e770e06bcdbe22a101a
BUG: 1247152
Signed-off-by: Emmanuel Dreyfus <manu at netbsd.org>
Reviewed-on: http://review.gluster.org/11735
Tested-by: NetBSD Build System <jenkins at build.gluster.org>
Reviewed-by: Kaushal M <kaushal at redhat.com>
Tested-by: Gluster Build System <jenkins at build.gluster.com>
Reviewed-by: Jeff Darcy <jdarcy at redhat.com>
--
You are receiving this mail because:
You are on the CC list for the bug.
You are the assignee for the bug.
More information about the Bugs
mailing list