Fix a couple typos in documentation and a formatting issue
parent a6c846b5b6
commit e07a78c64b
4 changed files with 4 additions and 3 deletions
|
@ -326,7 +326,7 @@ then, upon `reload`, the Step CA will read it's new configuration from the same
|
||||||
configuration file.
|
configuration file.
|
||||||
|
|
||||||
* Step CA requires the password to decrypt the intermediate certificate, again,
|
* Step CA requires the password to decrypt the intermediate certificate, again,
|
||||||
upon `reload`. You can auotmate this in one of two ways:
|
upon `reload`. You can automate this in one of two ways:
|
||||||
|
|
||||||
* Use the `--password-file` flag in the original invocation.
|
* Use the `--password-file` flag in the original invocation.
|
||||||
* Use the top level `password` attribute in the `ca.json` configuration file.
|
* Use the top level `password` attribute in the `ca.json` configuration file.
|
||||||
|
|
|
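Review bot: The hunk header context still reads "the Step CA will read it's new configuration", where the possessive should be "its"; since this commit fixes a typo in the same section, that one is worth fixing too. Separately, both automation options in this list (the `--password-file` flag and the top level `password` attribute in `ca.json`) keep the decryption password in a file on disk, and the visible lines say nothing about protecting it. Consider adding a sentence that the password file or `ca.json` should be readable only by the account that runs Step CA.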
@ -82,6 +82,7 @@ communication for your own internal infrastructure? There are several reasons:
|
||||||
* Public CAs can't handle client certificates (mutual TLS)
|
* Public CAs can't handle client certificates (mutual TLS)
|
||||||
* It's much harder (and more expensive) to revoke or roll certificates from public CAs
|
* It's much harder (and more expensive) to revoke or roll certificates from public CAs
|
||||||
* It relies on a third party that can subvert your security
|
* It relies on a third party that can subvert your security
|
||||||
|
|
||||||
More broadly, the answer is that web PKI was designed for the web. A lot of the
|
More broadly, the answer is that web PKI was designed for the web. A lot of the
|
||||||
web PKI design decisions aren't appropriate for internal systems.
|
web PKI design decisions aren't appropriate for internal systems.
|
||||||
|
|
||||||
|
|
|
@ -172,7 +172,7 @@ are useless without proper attention to configuration and guidelines.
|
||||||
// - ECDHE key exchange algorithm has perfect forward secrecy
|
// - ECDHE key exchange algorithm has perfect forward secrecy
|
||||||
// - ECDSA has smaller keys and better performance (than RSA)
|
// - ECDSA has smaller keys and better performance (than RSA)
|
||||||
// - CHACHA20 with POLY1305 is the cipher mode used by google.
|
// - CHACHA20 with POLY1305 is the cipher mode used by google.
|
||||||
// - CHACHA20 is more performance than GCM and CBC.
|
// - CHACHA20's performance is better than GCM and CBC.
|
||||||
// NOTE: The http2 spec requires the "TLS_ECDHE_(RSA|ECDSA)_WITH_AES_128_GCM_SHA256"
|
// NOTE: The http2 spec requires the "TLS_ECDHE_(RSA|ECDSA)_WITH_AES_128_GCM_SHA256"
|
||||||
// ciphersuite be accepted by the server, therefore it makes our list of
|
// ciphersuite be accepted by the server, therefore it makes our list of
|
||||||
// default ciphersuites until we build the functionality to modify our defaults
|
// default ciphersuites until we build the functionality to modify our defaults
|
||||||
|
|
|
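Review bot: The reworded line "CHACHA20's performance is better than GCM and CBC" is grammatical now but still makes an unqualified claim and compares a cipher with two block cipher modes. ChaCha20-Poly1305 is generally faster than AES-GCM in pure software, but not on CPUs with AES hardware acceleration, so a wording such as "CHACHA20-POLY1305 outperforms AES-GCM and AES-CBC on hardware without AES acceleration" would be more accurate. The preceding comment line could also capitalize "Google" while this block is being touched.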
@ -60,7 +60,7 @@ func (srv *Server) ListenAndServe() error {
|
||||||
return srv.Serve(ln)
|
return srv.Serve(ln)
|
||||||
}
|
}
|
||||||
|
|
||||||
// Serve runs Serve or ServetTLS on the underlaying http.Server and listen to
|
// Serve runs Serve or ServetTLS on the underlying http.Server and listen to
|
||||||
// channels to reload or shutdown the server.
|
// channels to reload or shutdown the server.
|
||||||
func (srv *Server) Serve(ln net.Listener) error {
|
func (srv *Server) Serve(ln net.Listener) error {
|
||||||
var err error
|
var err error
|
||||||
|
|
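Review bot: The corrected comment line still contains "ServetTLS", which should be "ServeTLS", and "listen to" should be "listens to" to agree with "runs". Suggested wording: "// Serve runs Serve or ServeTLS on the underlying http.Server and listens to".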