[dnsdist] Feature Request?

Remi Gacogne remi.gacogne at powerdns.com
Wed Aug 14 14:38:23 UTC 2019

On 8/14/19 4:21 PM, Brian Sullivan wrote:
> We have a requirement to not allow negotiation of TLS version to go
> below 1.2. Is there a way to configure TLS so that it will only
> negotiate version 1.2 or above? 

It looks like we don't support that explicitly.. You could probably work
something around by tuning the allowed ciphers, but I guess an option to
to select the TLS versions allowed, like ssl_protocols in nginx or
SSLProtocol in Apache HTTPD, would make sense as well.

Best regards,
Remi Gacogne
PowerDNS.COM BV - https://www.powerdns.com/

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: OpenPGP digital signature
URL: <http://mailman.powerdns.com/pipermail/dnsdist/attachments/20190814/2c57e699/attachment.sig>

More information about the dnsdist mailing list