glusterdocs icon indicating copy to clipboard operation
glusterdocs copied to clipboard

Published 20 hours ago verified publisher icon gluster

Section 'Setting up GlusterFS with SSL/TLS' of the Administrator Guide is outdated

Open m-ueberall opened this issue 8 years ago • 5 comments

The section 'Setting up GlusterFS with SSL/TLS' of the Administrator Guide

  • still refers to option "ssl.cert-depth" which got renamed "ssl.certificate-depth" in the meantime
  • does not take into account the 2015 SSL ciphers discussion on the [Gluster-users] mailing list regarding best-practice settings for option "ssl.cipher-list" (apart from two suggestions, the thread did not answer which ciphers can be included/excluded--especially the latter information should be part of the guide!)

m-ueberall avatar Apr 25 '16 17:04 m-ueberall

@m-ueberall Thanks for pointing it out. We will look into this, meanwhile if you would like to send a doc patch on this issue , please feel free to send a PR.

humblec avatar Aug 01 '16 07:08 humblec

With https://github.com/gluster/glusterdocs/pull/215 can this issue be closed?

sankarshanmukhopadhyay avatar Aug 07 '18 01:08 sankarshanmukhopadhyay

@humblec @prashanthpai - please comment if this can be closed.

sankarshanmukhopadhyay avatar Aug 08 '18 02:08 sankarshanmukhopadhyay

The first point has been fixed (certificate-depth). The second one (recommended cipher list) hasn't been fixed yet

prashanthpai avatar Aug 08 '18 03:08 prashanthpai

I'd suggest specifying what's acceptable for auth.ssl-allow, too. Wildcard ('*') seems OK, but regexps ('srv[0-9]+') are not (but they could be very useful!).

NdK73 avatar Jul 22 '19 08:07 NdK73