Skip to content

slapos
slapos

rapid-cdn: Implement expert SSL downgrade 

expert-backend-allow-downgrade-ssl allows to configure each node to downgrade
SSL negotiation with the backends to insecure, OpenSSL 1 style, ciphers and
algorithms.

It's implemented only per node as it shall be only used in some specific
circumstances and the cluster default (by default) is false. Such separation
allows to setup each node independently, as it requires node restart.

backend-haproxy is hashing backend-haproxy-wrapper:output in order to be
reactive on applied change to the configuration; this will result with node
restart after the configuration.

Note that the special test backend has been moved to different file in order
to start it with subprocess with altered environment; using multiprocessing
with spawn context didn't worked out, as it altered test process and thus
supervisord environment.
1 job for feature/rapid-cdn-backend-allow-degrade-tls in 0 seconds
4423c51a 4423c51af7ea920b3b1077da4088a8f494dbb88a
No related merge requests found.
Status Job ID Name Coverage
  External
passed #755469
external
SlapOS.SoftwareReleases.IntegrationTest-luke/feature/rapid-cdn-backend-allow-degrade-tls

02:37:28

 
GitLab Nexedi Edition | About GitLab | About Nexedi | 沪ICP备2021021310号-2 | 沪ICP备2021021310号-7