TLS ciphers setting for NATS-server

82 views
Skip to first unread message

MrG35Mon

unread,
Jun 17, 2024, 3:33:42 PM6/17/24
to nats
I've been trying to configure the NATS server to only support TLS_AES_256_GCM_SHA384, but I'm having difficulty getting NATS-SERVER v2.10.16 to enforce it.

Here's the configuration I've been using:
cipher_suites: [
    "TLS_AES_256_GCM_SHA384"
]
curve_preferences: [
    "CurveP384"
]

However, when my nat-c client performs the handshake with the server, it always negotiates TLS_AES_128_GCM_SHA256 instead.

Here's the log entry for reference:
```
[61] 2024/06/17 18:39:34.886308 [DBG] 127.0.0.1:49494 - cid:5 - TLS version 1.3, cipher suite TLS_AES_128_GCM_SHA256
```

I'm pretty confused at this point and not sure what I might have missed.

Any help would be much appreciated.

Thanks,
Eddie

MrG35Mon

unread,
Jun 20, 2024, 1:08:57 PM6/20/24
to nats
Any one have any insight?

Derek Collison

unread,
Jun 21, 2024, 6:23:32 PM6/21/24
to nat...@googlegroups.com
Will take a look this weekend.

--
You received this message because you are subscribed to the Google Groups "nats" group.
To unsubscribe from this group and stop receiving emails from it, send an email to natsio+un...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/natsio/2406dc6d-9e17-4adf-8d1e-3c28503a3365n%40googlegroups.com.

Derek Collison

unread,
Sep 9, 2024, 6:27:23 PM9/9/24
to nat...@googlegroups.com
These are now ignored with recent versions of Go..
Reply all
Reply to author
Forward
0 new messages