TrueCloudLab/frostfs-node
20
1
Fork 28
Code Issues 107 Pull requests 4 Projects Releases 2 Packages 4 Activity Actions

[#878] neofs-node: default to secure TLS settings

Browse source 
Support TLS >=1.2 only and strong cipher suites.

Signed-off-by: Evgenii Stratonikov <evgeniy@nspcc.ru>
This commit is contained in:
Evgenii Stratonikov 2021-11-30 13:07:46 +03:00 committed by Alex Vanin
parent 973e50ad72
commit d1be5b5f9e
5 changed files with 48 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

5
cmd/neofs-node/config/grpc/config.go
View file

@ -78,6 +78,11 @@ func (tls TLSConfig) CertificateFile() string {
return v
}
// UseInsecureCrypto returns true if TLS 1.2 cipher suite should not be restricted.
func (tls TLSConfig) UseInsecureCrypto() bool {
return config.BoolSafe(tls.cfg, "use_insecure_crypto")
}
// IterateEndpoints iterates over subsections ["0":"N") (N - "num" value)
// of "grpc" section of c, wrap them into Config and passes to f.
//