ciphers: improve option naming
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
parent
f37167aeff
commit
5ee8dd784f
@ -56,10 +56,12 @@ pub enum DeletableProperty {
|
||||
http_proxy,
|
||||
/// Delete the email-from property.
|
||||
email_from,
|
||||
/// Delete the ciphers-tls13 property.
|
||||
ciphers_tls13,
|
||||
/// Delete the ciphers-tls12 property.
|
||||
ciphers_tls12,
|
||||
/// Delete the ciphers-tls-1.3 property.
|
||||
#[serde(rename="ciphers-tls-1.3")]
|
||||
ciphers_tls_1_3,
|
||||
/// Delete the ciphers-tls-1.2 property.
|
||||
#[serde(rename="ciphers-tls-1.2")]
|
||||
ciphers_tls_1_2,
|
||||
}
|
||||
|
||||
#[api(
|
||||
@ -117,8 +119,8 @@ pub fn update_node_config(
|
||||
DeletableProperty::acmedomain4 => { config.acmedomain4 = None; },
|
||||
DeletableProperty::http_proxy => { config.http_proxy = None; },
|
||||
DeletableProperty::email_from => { config.email_from = None; },
|
||||
DeletableProperty::ciphers_tls13 => { config.ciphers_tls13 = None; },
|
||||
DeletableProperty::ciphers_tls12 => { config.ciphers_tls12 = None; },
|
||||
DeletableProperty::ciphers_tls_1_3 => { config.ciphers_tls_1_3 = None; },
|
||||
DeletableProperty::ciphers_tls_1_2 => { config.ciphers_tls_1_2 = None; },
|
||||
}
|
||||
}
|
||||
}
|
||||
@ -131,8 +133,8 @@ pub fn update_node_config(
|
||||
if update.acmedomain4.is_some() { config.acmedomain4 = update.acmedomain4; }
|
||||
if update.http_proxy.is_some() { config.http_proxy = update.http_proxy; }
|
||||
if update.email_from.is_some() { config.email_from = update.email_from; }
|
||||
if update.ciphers_tls13.is_some() { config.ciphers_tls13 = update.ciphers_tls13; }
|
||||
if update.ciphers_tls12.is_some() { config.ciphers_tls12 = update.ciphers_tls12; }
|
||||
if update.ciphers_tls_1_3.is_some() { config.ciphers_tls_1_3 = update.ciphers_tls_1_3; }
|
||||
if update.ciphers_tls_1_2.is_some() { config.ciphers_tls_1_2 = update.ciphers_tls_1_2; }
|
||||
|
||||
crate::config::node::save_config(&config)?;
|
||||
|
||||
|
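Review bot: In the update hunk of `update_node_config`, the renamed `ciphers_tls_1_3` / `ciphers_tls_1_2` values are copied into `config` and passed straight to `save_config`, and nothing visible here shows an OpenSSL-level check running before the write. If `save_config` does not run the validation that builds the dummy acceptor, a string that passes the schema but is rejected by OpenSSL would be persisted and would only fail when the proxy is restarted. This is worth confirming and recording with a comment above the save, such as `// save_config() is expected to validate the cipher strings against OpenSSL before writing`. The function body starts and ends outside the hunks shown.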
@ -343,14 +343,14 @@ fn make_tls_acceptor() -> Result<SslAcceptor, Error> {
|
||||
let cert_path = configdir!("/proxy.pem");
|
||||
|
||||
let (config, _) = proxmox_backup::config::node::config()?;
|
||||
let ciphers_tls13 = config.ciphers_tls13;
|
||||
let ciphers_tls12 = config.ciphers_tls12;
|
||||
let ciphers_tls_1_3 = config.ciphers_tls_1_3;
|
||||
let ciphers_tls_1_2 = config.ciphers_tls_1_2;
|
||||
|
||||
let mut acceptor = SslAcceptor::mozilla_intermediate_v5(SslMethod::tls()).unwrap();
|
||||
if let Some(ciphers) = ciphers_tls13.as_deref() {
|
||||
if let Some(ciphers) = ciphers_tls_1_3.as_deref() {
|
||||
acceptor.set_ciphersuites(ciphers)?;
|
||||
}
|
||||
if let Some(ciphers) = ciphers_tls12.as_deref() {
|
||||
if let Some(ciphers) = ciphers_tls_1_2.as_deref() {
|
||||
acceptor.set_cipher_list(ciphers)?;
|
||||
}
|
||||
acceptor.set_private_key_file(key_path, SslFiletype::PEM)
|
||||
|
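Review bot: In `make_tls_acceptor`, errors from `set_ciphersuites` and `set_cipher_list` are propagated with a bare `?`, so a proxy that fails to start because of a bad override reports an OpenSSL error without naming the option at fault. Adding error context that mentions `ciphers-tls-1.3` or `ciphers-tls-1.2` would make that failure diagnosable from the log. Each option replaces the Mozilla intermediate defaults for its protocol range, so a startup log line stating that an operator-supplied cipher list is active would also help when auditing the TLS posture. The function continues outside the hunk.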
@ -92,11 +92,11 @@ pub struct AcmeConfig {
|
||||
schema: EMAIL_SCHEMA,
|
||||
optional: true,
|
||||
},
|
||||
"ciphers-tls13": {
|
||||
"ciphers-tls-1.3": {
|
||||
schema: OPENSSL_CIPHERS_TLS_1_3_SCHEMA,
|
||||
optional: true,
|
||||
},
|
||||
"ciphers-tls12": {
|
||||
"ciphers-tls-1.2": {
|
||||
schema: OPENSSL_CIPHERS_TLS_1_2_SCHEMA,
|
||||
optional: true,
|
||||
},
|
||||
@ -131,13 +131,13 @@ pub struct NodeConfig {
|
||||
#[serde(skip_serializing_if = "Option::is_none")]
|
||||
pub email_from: Option<String>,
|
||||
|
||||
/// List of SSL ciphers for tls 1.3 that will be used by the proxy. (Proxy has to be restarted for changes to take effect)
|
||||
#[serde(skip_serializing_if = "Option::is_none")]
|
||||
pub ciphers_tls13: Option<String>,
|
||||
/// List of TLS ciphers for TLS 1.3 that will be used by the proxy. (Proxy has to be restarted for changes to take effect)
|
||||
#[serde(skip_serializing_if = "Option::is_none", rename="ciphers-tls-1.3")]
|
||||
pub ciphers_tls_1_3: Option<String>,
|
||||
|
||||
/// List of SSL ciphers for tls <= 1.2 that will be used by the proxy. (Proxy has to be restarted for changes to take effect)
|
||||
#[serde(skip_serializing_if = "Option::is_none")]
|
||||
pub ciphers_tls12: Option<String>,
|
||||
/// List of TLS ciphers for TLS <= 1.2 that will be used by the proxy. (Proxy has to be restarted for changes to take effect)
|
||||
#[serde(skip_serializing_if = "Option::is_none", rename="ciphers-tls-1.2")]
|
||||
pub ciphers_tls_1_2: Option<String>,
|
||||
}
|
||||
|
||||
impl NodeConfig {
|
||||
@ -190,10 +190,10 @@ impl NodeConfig {
|
||||
}
|
||||
}
|
||||
let mut dummy_acceptor = SslAcceptor::mozilla_intermediate_v5(SslMethod::tls()).unwrap();
|
||||
if let Some(ciphers) = self.ciphers_tls13.as_deref() {
|
||||
if let Some(ciphers) = self.ciphers_tls_1_3.as_deref() {
|
||||
dummy_acceptor.set_ciphersuites(ciphers)?;
|
||||
}
|
||||
if let Some(ciphers) = self.ciphers_tls12.as_deref() {
|
||||
if let Some(ciphers) = self.ciphers_tls_1_2.as_deref() {
|
||||
dummy_acceptor.set_cipher_list(ciphers)?;
|
||||
}
|
||||
|
||||
|
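Review bot: The `rename="ciphers-tls-1.3"` / `rename="ciphers-tls-1.2"` attributes on `NodeConfig`, and the matching schema keys, drop the old `ciphers-tls13` / `ciphers-tls12` names without a fallback. If the old names were ever written to a node config on disk, that file would now either fail to parse or lose its cipher restriction and fall back to the acceptor defaults; which one depends on how unknown keys are handled, and that is not visible here. If a release shipped with the old keys, accepting them on read would avoid silently weakening a hardened setup, for example with `#[serde(alias = "ciphers-tls13")]` on the field, provided the config parser honours serde aliases. Failing that, the rename should be called out in the upgrade notes.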