Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Icessl protocols #2026

Merged
merged 13 commits into from
Apr 5, 2024
Merged

Icessl protocols #2026

merged 13 commits into from
Apr 5, 2024

Conversation

pepone
Copy link
Member

@pepone pepone commented Apr 4, 2024

This PR removes support for setting SSL protocols using IceSSL properties, IceSSL.Protocols, IceSSL.ProtocolVersionMax, and IceSSL.ProtocolVersionMin.

The SSL transport would use the system defaults, there is usually no need to change this. For advanced use cases, you can change the system defaults or use the IceSSL native API.

@externl
Copy link
Member

externl commented Apr 4, 2024

One downside with this change is that the user can no longer change the protocols for the Ice services. Is this an issue?

@pepone
Copy link
Member Author

pepone commented Apr 4, 2024
edited
Loading

One downside with this change is that the user can no longer change the protocols for the Ice services. Is this an issue?

We can keep it and support only 1.2 and 1.3, there is no reason to support anything older. Would you prefer that? I don't see a reason to allow enabling older versions, which might be disabled by the platform and not work.

@externl
Copy link
Member

externl commented Apr 4, 2024

Good point, I forgot this setting is not useful with newer versions of TLS.

externl
externl approved these changes Apr 4, 2024
View reviewed changes
Copy link
Member

@externl externl left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good. Should we explicitly enable only TLS 1.2 and 1.3 or just rely on what the defaults are set to?

bernardnormier
bernardnormier approved these changes Apr 4, 2024
View reviewed changes
Copy link
Member

@bernardnormier bernardnormier left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I agree: this is an advanced feature, and if you want it, you should use the programmatic API we offer in 3.8.

@pepone pepone merged commit a0d6f13 into zeroc-ice:main Apr 5, 2024
24 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@externl externl externl approved these changes

@bernardnormier bernardnormier bernardnormier approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@pepone @externl @bernardnormier