[dnsdist] Feature Request?

Christopher Engelhard ce at lcts.de
Thu Aug 15 06:18:23 UTC 2019


On 14.08.19 16:38, Remi Gacogne wrote:
> It looks like we don't support that explicitly. You could probably work
> something around by tuning the allowed ciphers, but I guess an option
> to select the TLS versions allowed, like ssl_protocols in nginx or
> SSLProtocol in Apache HTTPD, would make sense as well.

That would be very useful.

If I understand the code correctly, dnsdist only falls back on its
hardcoded ciphers etc. when none are set, right?
So at least on RHEL/CentOS/Fedora it should pick up the system
crypto-policies which can be freely configured.
I don't know if there's a similar mechanism for Debian/...

Best,
Christopher

