TlsCipherList client setting

Guy Foetz

Oct 9, 2020, 6:07:20 AM
to bareos-users
Hi,

I want to set the TlsCipherList on the clients and servers to a more secure setting like:

ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384

but if I put the parameter in the Client or Director section on the client instance, nothing changes. In the debug log I see no change being made to the TLS settings, but in the code I see that if we set a cipher list we should get at least a debug message:

void TlsOpenSsl::SetCipherList(const std::string& cipherlist)
{
 Dmsg1(100, "Set cipherlist:\t<%s>\n", cipherlist.c_str());
 d_->cipherlist_ = cipherlist;
}

Filedaemon:

FileDaemon {
 Name = "name-fd"
 MaximumConcurrentJobs = 20
 TlsCipherList = "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384"
}

Does someone know what we are doing wrong?

Regards,

Guy


Guy Foetz

Nov 17, 2020, 6:04:14 AM
to bareos-users
Hi,

just asking if anyone has an idea? :)

Regards,
Guy
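
A check that is independent of Bareos, added here as an example and not part of the original posts or the Bareos code: OpenSSL silently skips tokens in a cipher string that it does not recognise as long as at least one other token matches, so this Python script resolves each token of the posted TlsCipherList against the local OpenSSL build and lists any selected suite that lacks forward secrecy or an AEAD mode. It assumes Python's ssl module is linked against the same OpenSSL build the daemon uses; the function names are made up for this example.

```python
import ssl

# Cipher string copied from the TlsCipherList value posted above.
POSTED_LIST = (
    "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:"
    "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:"
    "ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:"
    "DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384"
)


def resolve(spec):
    """Suite dicts (TLS 1.2 and below) that a cipher string selects locally."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    try:
        ctx.set_ciphers(spec)
    except ssl.SSLError:  # raised when nothing in the string matches
        return []
    # TLS 1.3 suites are configured separately and always listed; skip them.
    return [c for c in ctx.get_ciphers() if c["protocol"] != "TLSv1.3"]


def audit(cipher_list):
    """Map each colon-separated token to the suite names it resolves to."""
    return {t: [c["name"] for c in resolve(t)] for t in cipher_list.split(":") if t}


def weak_suites(cipher_list):
    """Names in the effective list lacking forward secrecy or an AEAD mode."""
    return [
        c["name"] for c in resolve(cipher_list)
        if c.get("kea") not in ("kx-ecdhe", "kx-dhe") or not c.get("aead")
    ]


if __name__ == "__main__":
    print("OpenSSL build:", ssl.OPENSSL_VERSION)
    for token, names in audit(POSTED_LIST).items():
        print(f"{token:32} -> {', '.join(names) or 'NOT RECOGNISED (ignored)'}")
    print("suites without PFS/AEAD:", weak_suites(POSTED_LIST) or "none")
```

A token reported as not recognised is one the local OpenSSL build would drop from the list without any error.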
