Posted to issues@trafficcontrol.apache.org by GitBox <gi...@apache.org> on 2020/08/06 16:04:56 UTC

[GitHub] [trafficcontrol] zrhoffman commented on a change in pull request #4933: Update TO for minimum TLS version

zrhoffman commented on a change in pull request #4933:
URL: https://github.com/apache/trafficcontrol/pull/4933#discussion_r466521317



##########
File path: docs/source/admin/traffic_ops.rst
##########
@@ -443,6 +443,20 @@ This file deals with the configuration parameters of running Traffic Ops itself.
 		:disabled_routes: A list of API route IDs to disable. Requests matching these routes will receive a 503 response. To find the route ID for a given path you would like to disable, run ``./traffic_ops_golang`` using the :option:`--api-routes` option to view all the route information, including route IDs and paths.
 		:ignore_unknown_routes: If ``false`` (default) return an error and prevent startup if unknown route IDs are found. Otherwise, log a warning and continue startup.
 
+	:min_tls_version: An optional field to set the minimum TLS version. Integer value between 769 to 772.
+
+			+---------+------------------+
+			| Setting | Value            |
+			+=========+==================+
+			| 769     | TLS v1 (Default) |
+			+---------+------------------+
+			| 770     | TLS v1.1         |
+			+---------+------------------+
+			| 771     | TLS v1.2         |
+			+---------+------------------+
+			| 772     | TLS v1.3         |
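
Review bot: the `:min_tls_version:` description says only "Integer value between 769 to 772" and does not state what Traffic Ops does when the configured value falls outside that range. Document whether startup fails or the default is used, and change the wording to "between 769 and 772". Because the table marks 769 (TLS v1) as the default, a sentence recommending 771 or higher where legacy clients are not required would help operators choose a value.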

Review comment:
       We should be accepting TLS version strings like `"1.3"`, `"1.2"`, etc. and translate that string to a valid `int` ourselves when reading the config. This is for `cdn.conf`, but for `riak.conf`, we already agreed to use version strings like that. See @rawlinp's [comment](https://github.com/apache/trafficcontrol/pull/4573#discussion_r400346222) in #4573:
   
   > 769, 770, etc are not very intuitive -- would it be better to use a string or float that we translate into `tls.VersionTLS11` from the `tls` package in the stdlib?
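
The string-to-constant translation suggested in the review comment above, as an added Go example that is not part of the original message or of the Traffic Ops code base. `TLSVersion`, `LoadTLSConfig` and the flat JSON layout are hypothetical; going slightly beyond the comment, it also keeps accepting the integer form from the docs table.

```go
package main

import (
	"crypto/tls"
	"encoding/json"
	"fmt"
)

// TLSVersion is a hypothetical config type (added example, not Traffic Ops code).
type TLSVersion uint16

// Version strings accepted in the config, mapped to crypto/tls constants (769..772).
var tlsVersions = map[string]TLSVersion{
	"1.0": tls.VersionTLS10, "1.1": tls.VersionTLS11,
	"1.2": tls.VersionTLS12, "1.3": tls.VersionTLS13,
}

// UnmarshalJSON accepts "1.2" or the integer 771; anything else fails at config load.
func (v *TLSVersion) UnmarshalJSON(b []byte) error {
	var s string
	var n uint16
	if json.Unmarshal(b, &s) == nil {
		n = uint16(tlsVersions[s]) // 0 when the string is not in the table
	} else if json.Unmarshal(b, &n) != nil {
		n = 0 // neither a string nor an integer that fits
	}
	if n < tls.VersionTLS10 || n > tls.VersionTLS13 {
		return fmt.Errorf("min_tls_version: unsupported value %s", b)
	}
	*v = TLSVersion(n)
	return nil
}

// LoadTLSConfig reads a constructed stand-in for cdn.conf; the default is TLS v1 (769) as in the table.
func LoadTLSConfig(raw []byte) (*tls.Config, error) {
	cfg := struct {
		Min TLSVersion `json:"min_tls_version"`
	}{Min: tls.VersionTLS10}
	if err := json.Unmarshal(raw, &cfg); err != nil {
		return nil, err
	}
	return &tls.Config{MinVersion: uint16(cfg.Min)}, nil
}

func main() {
	c, _ := LoadTLSConfig([]byte(`{"min_tls_version":"1.3"}`)) // constructed samples
	_, err := LoadTLSConfig([]byte(`{"min_tls_version":"1.4"}`))
	fmt.Println(c.MinVersion, err)
}
```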



