Forcing TLS 1.2

[iker....@gmail.com]

Hi,

I would like grpc to force use TLS for the secure channel in a python code. I can not find how to specify in grpc.ssl_server_credentials.

Can anyone bring me some light about this function or how to force? I want to discard use of any other version (trying to avoid POODLE or HEARTBEAT vulnerabilites).

Cheers,

Iker.

[Eric Anderson]

We should already be limited to TLS 1.2 by default, as that's mandated by HTTP/2. Our builds also encourage using boringssl, which doesn't have heartbeat support.

--
You received this message because you are subscribed to the Google Groups "grpc.io" group.
To unsubscribe from this group and stop receiving emails from it, send an email to grpc-io+unsubscribe@googlegroups.com.
To post to this group, send email to grp...@googlegroups.com.
Visit this group at https://groups.google.com/group/grpc-io.
To view this discussion on the web visit https://groups.google.com/d/msgid/grpc-io/1a4fd94d-e26d-4c1e-ac9d-e71d3c2fc22b%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Iker]

    Thanks, is there someway I can check/force TLS1.2? Other than directly testing vulnerability?

    Kind regards,

Iker

[Eric Anderson]

Can you explain more of what you're trying to do? Do you want to audit our code, or are you hoping to have a line in your code that specifies TLS v1.2 to make yourself comfortable it is being used?

I don't know why you'd need to test vulnerabilities. At the very least limit a client to TLS v1.1 and it shouldn't be able to get through TLS handshake.

To view this discussion on the web visit https://groups.google.com/d/msgid/grpc-io/80d2527e-8581-99c8-3456-73c768183fd7%40gmail.com.

[Iker]

    I want to be sure connection is safe.

    Having a line in my code specifying TLSv1.1 or v1.2 would make myself comfortable.

Iker.

[Cheng Guangdong]

Hi,

Could you kindly tell me how to specify TLS 1.2 in grpc-io code?

Thanks,

Guangdong

在2017年12月15日星期五 UTC-8 上午7:29:39<Iker> 写道：

    I want to be sure connection is safe.

    Having a line in my code specifying TLSv1.1 or v1.2 would make myself comfortable.

Iker.

On 15/12/17 16:20, Eric Anderson wrote:

Can you explain more of what you're trying to do? Do you want to audit our code, or are you hoping to have a line in your code that specifies TLS v1.2 to make yourself comfortable it is being used?

I don't know why you'd need to test vulnerabilities. At the very least limit a client to TLS v1.1 and it shouldn't be able to get through TLS handshake.

On Fri, Dec 15, 2017 at 4:42 AM, Iker <iker....@gmail.com> wrote:

    Thanks, is there someway I can check/force TLS1.2? Other than directly testing vulnerability?

    Kind regards,

Iker

On 14/12/17 23:49, Eric Anderson wrote:

We should already be limited to TLS 1.2 by default, as that's mandated by HTTP/2. Our builds also encourage using boringssl, which doesn't have heartbeat support.

On Wed, Dec 13, 2017 at 8:57 AM, <iker....@gmail.com> wrote:

Hi,

I would like grpc to force use TLS for the secure channel in a python code. I can not find how to specify in grpc.ssl_server_credentials.

Can anyone bring me some light about this function or how to force? I want to discard use of any other version (trying to avoid POODLE or HEARTBEAT vulnerabilites).

Cheers,

Iker.

--
You received this message because you are subscribed to the Google Groups "grpc.io" group.

To unsubscribe from this group and stop receiving emails from it, send an email to grpc-io+u...@googlegroups.com.

To post to this group, send email to grp...@googlegroups.com.
Visit this group at https://groups.google.com/group/grpc-io.
To view this discussion on the web visit https://groups.google.com/d/msgid/grpc-io/1a4fd94d-e26d-4c1e-ac9d-e71d3c2fc22b%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

--
You received this message because you are subscribed to the Google Groups "grpc.io" group.

To unsubscribe from this group and stop receiving emails from it, send an email to grpc-io+u...@googlegroups.com.

To post to this group, send email to grp...@googlegroups.com.
Visit this group at https://groups.google.com/group/grpc-io.