
Add cipher customization support #666

Merged

Conversation

1000TurquoisePogs (Member) commented Nov 20, 2023

Adds reading an array of IANA cipher suite strings to customize ciphers.

This can be tested by setting either zowe.network.server.tls.ciphers or components.zss.zowe.network.server.tls.ciphers to an array of IANA cipher strings.

This PR also externalizes the default ciphers into defaults.yaml so people can see what they are, though it's a little hard to read.

When _zss.mvdserver and _zss.httpserver log levels are set to debug (3) or higher, you will see a printout about the behavior: which ciphers were requested, which maps were found, and what the final result is.

To test, I set up my yaml like this:

  network:
    server:
      listenAddresses:
      - 0.0.0.0
      tls:
        minTls: TLSv1.2
        maxTls: TLSv1.3
#        ciphers:
#        - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
#        - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
#        - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
#        - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
#        - TLS_CHACHA20_POLY1305_SHA256

By uncommenting or commenting, and switching maxTls to 1.2 or 1.3, I was able to check the site details in Firefox to see if the right ciphers were being used and at what TLS level.

My testing matched the config & debug output.

Signed-off-by: 1000TurquoisePogs <[email protected]>
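As an added illustration of the lookup the description above talks about (which IANA names were requested, which had a mapping, and what the final result is), here is a small C example that is not ZSS's code: the name-to-code table is constructed from the IANA TLS Cipher Suites registry, and the output format (4-hex-digit code points concatenated into one spec string) is an assumption about what the underlying TLS library consumes. Unknown names are reported and skipped rather than silently replaced, so a typo in the config cannot widen the cipher set unnoticed.

```c
#include <stdio.h>
#include <string.h>

/* Constructed lookup table (IANA registry code points); not ZSS's own table. */
typedef struct { const char *name; unsigned short code; } CipherEntry;

static const CipherEntry CIPHER_TABLE[] = {
  { "TLS_AES_128_GCM_SHA256",                        0x1301 },
  { "TLS_AES_256_GCM_SHA384",                        0x1302 },
  { "TLS_CHACHA20_POLY1305_SHA256",                  0x1303 },
  { "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",         0xC02F },
  { "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",         0xC030 },
  { "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",       0xC02B },
  { "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",       0xC02C },
  { "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",   0xCCA8 },
  { "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256", 0xCCA9 },
};
#define CIPHER_TABLE_LEN (sizeof(CIPHER_TABLE) / sizeof(CIPHER_TABLE[0]))

/* Translate an array of IANA names into a spec string of concatenated
   4-hex-digit code points (assumed library format). Names with no mapping
   are logged when debug is set and skipped. Returns how many were skipped. */
int buildCipherSpec(const char **names, int count, char *out, size_t outLen, int debug) {
  int skipped = 0;
  size_t used = 0;
  out[0] = '\0';
  for (int i = 0; i < count; i++) {
    const CipherEntry *hit = NULL;
    for (size_t j = 0; j < CIPHER_TABLE_LEN; j++) {
      if (strcmp(names[i], CIPHER_TABLE[j].name) == 0) { hit = &CIPHER_TABLE[j]; break; }
    }
    if (hit == NULL) {
      skipped++;
      if (debug) fprintf(stderr, "cipher '%s' requested but no mapping found\n", names[i]);
      continue;
    }
    if (used + 4 >= outLen) {          /* no room for another 4 chars + NUL */
      skipped++;
      if (debug) fprintf(stderr, "cipher '%s' dropped: spec buffer full\n", names[i]);
      continue;
    }
    snprintf(out + used, outLen - used, "%04X", hit->code);
    used += 4;
    if (debug) fprintf(stderr, "cipher '%s' -> %04X\n", names[i], hit->code);
  }
  if (debug) fprintf(stderr, "final cipher spec: %s (%d skipped)\n", out, skipped);
  return skipped;
}
```

A caller that gets a non-zero return should treat it as a configuration error to surface, since the effective cipher list is narrower than what the operator wrote.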
jordanfilteau1995 (Contributor) left a comment


I don't have any major issues.

Three review threads on c/zss.c, all resolved (one marked outdated).
1000TurquoisePogs merged commit 79e774a into feature/v2/check-min-max-tls on Nov 21, 2023
5 checks passed