[dnsdist] Feature Request?

Christopher Engelhard ce at lcts.de
Thu Aug 15 06:18:23 UTC 2019

On 14.08.19 16:38, Remi Gacogne wrote:
> It looks like we don't support that explicitly.. You could probably work
> something around by tuning the allowed ciphers, but I guess an option to
> to select the TLS versions allowed, like ssl_protocols in nginx or
> SSLProtocol in Apache HTTPD, would make sense as well.

That would be very useful.

If I understand the code correctly, dnsdist only falls back on it's
hardcoded ciphers etc. when none are set, right?
So at least on RHEL/CentOS/Fedora it should pick up the system
crypto-policies which can be freely configured.
I don't know if there's a similar mechanism for Debian/...


More information about the dnsdist mailing list