Posted to issues@trafficcontrol.apache.org by GitBox <gi...@apache.org> on 2020/08/06 16:24:03 UTC

[GitHub] [trafficcontrol] rob05c commented on a change in pull request #4933: Update TO for minimum TLS version

rob05c commented on a change in pull request #4933:
URL: https://github.com/apache/trafficcontrol/pull/4933#discussion_r466532935



##########
File path: docs/source/admin/traffic_ops.rst
##########
@@ -443,6 +443,20 @@ This file deals with the configuration parameters of running Traffic Ops itself.
 		:disabled_routes: A list of API route IDs to disable. Requests matching these routes will receive a 503 response. To find the route ID for a given path you would like to disable, run ``./traffic_ops_golang`` using the :option:`--api-routes` option to view all the route information, including route IDs and paths.
 		:ignore_unknown_routes: If ``false`` (default) return an error and prevent startup if unknown route IDs are found. Otherwise, log a warning and continue startup.
 
+	:min_tls_version: An optional field to set the minimum TLS version. Integer value between 769 to 772.
+
+			+---------+------------------+
+			| Setting | Value            |
+			+=========+==================+
+			| 769     | TLS v1 (Default) |
+			+---------+------------------+
+			| 770     | TLS v1.1         |
+			+---------+------------------+
+			| 771     | TLS v1.2         |
+			+---------+------------------+
+			| 772     | TLS v1.3         |
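
Review bot: The `:min_tls_version:` description lists bare integers without saying what they are or what Traffic Ops does with a value outside the range, and the documented default of 769 means a deployment that omits the field still accepts TLS v1. Suggest noting that the values are the decimal form of the TLS protocol version codes (0x0301 to 0x0304, the same numbers as Go's `tls.VersionTLS10` through `tls.VersionTLS13`), stating whether an out-of-range value is rejected at startup or ignored, and either raising the default to 771 or explaining why the lower default is kept. Also, "between 769 to 772" should read "between 769 and 772".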

Review comment:
   Rather than adding `MinTLSVersion`, I think we should put the entire `tls.Config` in the Config. We should do this for all Go apps. There are many config settings in `tls.Config`, such as disabling H2, allowed ciphers, and more.
   If we keep adding individual options, every time we need something else, it's a code change and a new version.

   Whereas if we put `tls.Config` in the app config, it's just a config change for users to add whatever they need with respect to TLS.
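
The approach suggested in the comment above, as an added Go example (not code from the pull request or from Traffic Control): a `tls.Config` decoded straight from the application's JSON config, with the 769 to 772 range from the documentation enforced after decoding. `AppConfig`, `LoadConfig`, the `tls_config` key and the fallback to TLS 1.2 when the field is omitted are assumptions made for the illustration.

```go
package main

import (
	"crypto/tls"
	"encoding/json"
	"fmt"
)

// AppConfig is a hypothetical app config; the field and key names are assumptions.
type AppConfig struct {
	Port      string      `json:"port"`
	TLSConfig *tls.Config `json:"tls_config"`
}

// LoadConfig decodes the JSON config, letting encoding/json fill the exported
// data fields of tls.Config directly, then bounds-checks MinVersion.
func LoadConfig(raw []byte) (*AppConfig, error) {
	cfg := &AppConfig{}
	if err := json.Unmarshal(raw, cfg); err != nil {
		return nil, fmt.Errorf("parsing config: %w", err)
	}
	if cfg.TLSConfig == nil {
		cfg.TLSConfig = &tls.Config{}
	}
	switch v := cfg.TLSConfig.MinVersion; {
	case v == 0:
		cfg.TLSConfig.MinVersion = tls.VersionTLS12 // assumed fallback, not the PR's default
	case v < tls.VersionTLS10 || v > tls.VersionTLS13:
		return nil, fmt.Errorf("tls_config.MinVersion %d is outside 769..772", v)
	}
	return cfg, nil
}

func main() {
	// Constructed sample config. 49199 and 49200 are the ECDHE-RSA AES-GCM suites.
	raw := []byte(`{"port":"443","tls_config":{"MinVersion":771,"CipherSuites":[49199,49200]}}`)
	cfg, err := LoadConfig(raw)
	if err != nil {
		fmt.Println("config rejected:", err)
		return
	}
	fmt.Printf("min version %#x, %d cipher suites\n", cfg.TLSConfig.MinVersion, len(cfg.TLSConfig.CipherSuites))
}
```

Only the plain data fields of `tls.Config` (integers, strings, slices) can be set this way; its function and interface fields cannot be expressed in JSON and still need code.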



