Posted to commits@qpid.apache.org by gm...@apache.org on 2018/07/14 02:19:22 UTC

qpid-dispatch git commit: DISPATCH-1066 - Doc new protocols attribute in sslProfile config procedure. This closes #338

Repository: qpid-dispatch
Updated Branches:
  refs/heads/master 0e6932fae -> edf1d8fbe


DISPATCH-1066 - Doc new protocols attribute in sslProfile config procedure. This closes #338


Project: http://git-wip-us.apache.org/repos/asf/qpid-dispatch/repo
Commit: http://git-wip-us.apache.org/repos/asf/qpid-dispatch/commit/edf1d8fb
Tree: http://git-wip-us.apache.org/repos/asf/qpid-dispatch/tree/edf1d8fb
Diff: http://git-wip-us.apache.org/repos/asf/qpid-dispatch/diff/edf1d8fb

Branch: refs/heads/master
Commit: edf1d8fbe5873328f6338d38bef9800f1f3ea3a1
Parents: 0e6932f
Author: Ben Hardesty <bh...@redhat.com>
Authored: Fri Jul 6 14:43:29 2018 -0400
Committer: Ganesh Murthy <gm...@redhat.com>
Committed: Fri Jul 13 22:17:51 2018 -0400

----------------------------------------------------------------------
 .../user-guide/configuration-security.adoc      | 27 +++++++++++++++++++-
 .../user-guide/managing-using-qdmanage.adoc     |  6 ++---
 2 files changed, 29 insertions(+), 4 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/qpid-dispatch/blob/edf1d8fb/docs/books/user-guide/configuration-security.adoc
----------------------------------------------------------------------
diff --git a/docs/books/user-guide/configuration-security.adoc b/docs/books/user-guide/configuration-security.adoc
index 993cecf..e2d1798 100644
--- a/docs/books/user-guide/configuration-security.adoc
+++ b/docs/books/user-guide/configuration-security.adoc
@@ -52,6 +52,7 @@ You must have the following files in PEM format:
 sslProfile {
     name: _NAME_
     ciphers: _CIPHERS_
+    protocols: _PROTOCOL_
     caCertFile: _PATH_.pem
     certFile: _PATH_.pem
     privateKeyFile: _PATH_.pem
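Review bot: The placeholder on the added line `protocols: _PROTOCOL_` is singular, but the attribute description added later in this file says it takes a space-separated list of one or more versions. Use a plural placeholder such as `_PROTOCOLS_`, which also matches the existing `ciphers: _CIPHERS_` line directly above it, so the synopsis does not suggest that only one version can be given.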
@@ -71,15 +72,39 @@ name: router-ssl-profile
 
 `ciphers`:: The SSL cipher suites that can be used by this SSL/TLS profile. If certain ciphers are unsuitable for your environment, you can use this attribute to restrict them from being used.
 +
-To enable a cipher list, enter one or more cipher strings separated by colons (`:`). For example:
+To enable a cipher list, enter one or more cipher strings separated by colons (`:`). 
 +
+.Enabling a Cipher List
+====
 [options="nowrap"]
 ----
 ciphers: ALL:!aNULL:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP
 ----
+====
 +
 To see the full list of available ciphers, use the `openssl ciphers` command. For more information about each cipher, see the link:https://www.openssl.org/docs/manmaster/man1/ciphers.html[ciphers man page^].
 
+`protocols`:: The SSL/TLS protocols that this router can use. You can specify a list of one or more of the following values: TLSv1, TLSv1.1, or TLSv1.2.
++
+To specify multiple protocols, separate the protocols with a space.
++
+.Specifying Multiple Protocols
+====
+This example permits the SSL/TLS profile to use TLS v1.1 and TLS v1.2 only:
+
+[options="nowrap"]
+----
+protocols: TLSv1.1 TLSv1.2
+----
+====
++
+If you do not specify a value, the router will use the TLS protocol specified by the system-wide configuration.
++
+[NOTE]
+====
+When setting the TLS protocol versions for the router, you should also consider the TLS protocol version (or versions) used by your client applications. If a subset of TLS protocol versions does not exist between a client and the router, the client will not be able to connect to the router.
+====
+
 `caCertFile`:: The absolute path to the file that contains the public certificates of trusted certificate authorities (CA).
 +
 For example:
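Review bot: In the new `protocols` entry, the sentence "If you do not specify a value, the router will use the TLS protocol specified by the system-wide configuration" does not say which configuration that is or how to check what it yields, so a reader who omits the attribute cannot tell which versions the router will actually accept; name the source of the default or tell the reader how to inspect it. The entry also lists TLSv1, TLSv1.1 and TLSv1.2 as equal choices with no recommendation, and a sentence advising the highest version that all clients support would help. In the NOTE, "If a subset of TLS protocol versions does not exist between a client and the router" is hard to parse; "If the client and the router have no TLS protocol version in common" says the same thing directly. Separately, the cipher string that is now wrapped in the titled example "Enabling a Cipher List" includes `RC4+RSA`, `+LOW`, `+SSLv2` and `+EXP`; since it is being promoted to a named example that readers will copy, consider replacing it with a string that excludes those. Minor: the rewritten line ending in "separated by colons (`:`). " has trailing whitespace.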

http://git-wip-us.apache.org/repos/asf/qpid-dispatch/blob/edf1d8fb/docs/books/user-guide/managing-using-qdmanage.adoc
----------------------------------------------------------------------
diff --git a/docs/books/user-guide/managing-using-qdmanage.adoc b/docs/books/user-guide/managing-using-qdmanage.adoc
index b22bd6d..c81115d 100644
--- a/docs/books/user-guide/managing-using-qdmanage.adoc
+++ b/docs/books/user-guide/managing-using-qdmanage.adoc
@@ -306,18 +306,18 @@ include::managing-using-qdmanage.adoc[tags=qdmanage-connection-options-note]
 |===
 | To... | Use this command...
 
-|View the router’s SSL configuration
+|View the router’s SSL/TLS configuration
 a|
 [options="nowrap"]
 ----
 qdmanage query --type=sslProfile
 ----
 
-|Set up SSL for the router
+|Set up SSL/TLS for the router
 a|
 [options="nowrap",subs="+quotes"]
 ----
-qdmanage create --type=sslProfile --name=_NAME_ --certDB=_PATH_ --certFile=_PATH_ --privateKeyFile=_PATH_ --_ATTRIBUTE_=_VALUE_ ...
+qdmanage create --type=sslProfile --name=_NAME_ --_ATTRIBUTE_=_VALUE_ ...
 ----
 
 |Add SSL/TLS encryption to an incoming connection
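Review bot: The rewritten `qdmanage create --type=sslProfile` synopsis now shows only `--name=_NAME_ --_ATTRIBUTE_=_VALUE_ ...`, so the table no longer tells the reader which attributes are needed to produce a usable profile. Dropping `--certDB` looks right, since the sslProfile synopsis in configuration-security.adoc uses `caCertFile`, but `certFile` and `privateKeyFile` still appear there; either keep them in the command (with `--caCertFile=_PATH_` in place of `--certDB=_PATH_`) or add a cross-reference to the sslProfile attribute list so the generic `--_ATTRIBUTE_=_VALUE_` has somewhere to point.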

