Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add --api-cipher-suites option to sensu-backend #2953

Open
echlebek opened this issue May 14, 2019 · 1 comment
Open

Add --api-cipher-suites option to sensu-backend #2953

echlebek opened this issue May 14, 2019 · 1 comment
Labels
component:backend Sensu Backend improvements security

Comments

@echlebek
Copy link
Contributor

Spec

Add configuration to sensu-backend that allows users to specify a comma-separate list of cipher suites for the backend's API server (the server that sensuctl connects to).

If the option is not specified, the server should use the default ciphers that are configured in https://github.com/sensu/sensu-go/blob/master/api/core/v2/tls.go.

Testing

Test the service with https://github.com/drwetter/testssl.sh with a known-good and a known-bad set of ciphers to ensure that the feature is working as expected.
@echlebek echlebek mentioned this issue May 14, 2019
Closed
@RamblingCookieMonster
Copy link

Ahh, this is a thing. As is, the hard coded list does not support Windows Server 2012 R2. Not that I advocate supporting that, and secure by default is good, but allowing folks to specify the cipher suites to allow would be nice : )

@calebhailey calebhailey added component:backend Sensu Backend improvements security labels May 6, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
component:backend Sensu Backend improvements security
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@calebhailey @echlebek @RamblingCookieMonster