[Bugs] [Bug 1247153] SSL improvements: ECDH, DH, CRL, and accessible options

Wed Aug 5 11:52:28 UTC 2015

https://bugzilla.redhat.com/show_bug.cgi?id=1247153


--- Comment #5 from Anand Avati <aavati at redhat.com> ---
COMMIT: http://review.gluster.org/11763 committed in release-3.7 by Kaleb
KEITHLEY (kkeithle at redhat.com) 
------
commit ca5b466dcabc8432f68f2cf7a24fae770ad1c0cf
Author: Emmanuel Dreyfus <manu at netbsd.org>
Date:   Thu Jul 30 14:02:43 2015 +0200

    SSL improvements: ECDH, DH, CRL, and accessible options

    - Introduce ssl.dh-param option to specify a file containinf DH parameters.
      If it is provided, EDH ciphers are available.

    - Introduce ssl.ec-curve option to specify an elliptic curve name. If
      unspecified, ECDH ciphers are available using the prime256v1 curve.

    - Introduce ssl.crl-path option to specify the directory where the
      CRL hash file can be found. Setting to NULL disable CRL checking,
      just like the default.

    - Make all ssl.* options accessible through gluster volume set.

    - In default cipher list, exclude weak ciphers instead of listing
      the strong ones.

    - Enforce server cipher preference.

    - introduce RPC_SET_OPT macro to factor repetitive code in
glusterd-volgen.c

    - Add ssl-ciphers.t test to check all the features touched by this change.

    Backport of I7bfd433df6bbf176f4a58e770e06bcdbe22a101a

    Change-Id: I2947eabe76ae0487ecad52a60befb7de473fc90c
    BUG: 1247153
    Signed-off-by: Emmanuel Dreyfus <manu at netbsd.org>@
    Reviewed-on: http://review.gluster.org/11763
    Tested-by: NetBSD Build System <jenkins at build.gluster.org>
    Reviewed-by: Jeff Darcy <jdarcy at redhat.com>

-- 
You are receiving this mail because:
You are on the CC list for the bug.
Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=dFdVEw6phJ&a=cc_unsubscribe