Bug #50932
closedrgw: beast: lack of TLS settings
0%
Description
Currently Beast frontend is lack of TLS options
For example our production civetweb run with options:
"civetweb port=0.0.0.0:80r+443s enable_keep_alive=yes ssl_protocol_version=4 ssl_certificate=/etc/pki/tls/private/prod.pem ssl_cipher_list=ECDHE-ECDSA-CHACHA20-POLY1305"
Also lack of keepalive: https://tracker.ceph.com/issues/48402
Mark as regression, cause civetweb dropped in master
Updated by Casey Bodley almost 3 years ago
there's some discussion about configuring the protocols and ciphers in https://github.com/ceph/ceph/pull/41384
Updated by Casey Bodley almost 3 years ago
- Related to Bug #50765: impossible to disable TLS 1.0 and 1.1 added
Updated by Mykola Golub almost 3 years ago
- Status changed from New to In Progress
- Assignee set to Mykola Golub
Updated by Mykola Golub almost 3 years ago
- Status changed from In Progress to Fix Under Review
- Pull request ID set to 41579
Updated by Mykola Golub almost 3 years ago
- Backport set to pacific,octopus,nautilus
Updated by Casey Bodley almost 3 years ago
- Status changed from Fix Under Review to Pending Backport
- Backport changed from pacific,octopus,nautilus to pacific octopus
Updated by Backport Bot almost 3 years ago
- Copied to Backport #51698: octopus: rgw: beast: lack of TLS settings added
Updated by Backport Bot almost 3 years ago
- Copied to Backport #51699: pacific: rgw: beast: lack of TLS settings added
Updated by Mykola Golub almost 3 years ago
Hi Casey,
We have plans to backport this to our nautilus based product. For this reason it would be much better for us if this is also backported to nautilus upstream branch, even if the upstream doesn't plan to cut a release any more.
Do you mind if I create the backport ticket and PR for nautilus too? I suppose for nautilus we could backport only the patch that adds a possibility to modify ssl options, without changing the default behaviour.
Updated by Mykola Golub almost 3 years ago
- Backport changed from pacific octopus to pacific octopus nautilus
Updated by Backport Bot almost 3 years ago
- Copied to Backport #51726: nautilus: rgw: beast: lack of TLS settings added
Updated by Backport Bot over 1 year ago
- Tags changed from beast to beast backport_processed
Updated by Konstantin Shalygin over 1 year ago
- Status changed from Pending Backport to Resolved