Consume configuration for TLS from zowe.network.server #3569

Closed
balhar-jakub opened this issue May 28, 2024 · 2 comments
balhar-jakub commented May 28, 2024

Is your feature request related to a problem? Please describe.
The App Framework started supporting Zowe-wide TLS configuration under zowe.network.server. To simplify configuration work, API ML should support the same.

zowe.network.server.listenAddresses: This is an array of strings of IPv4 or IPv6 addresses that servers will be instructed to listen on.
Default: - "0.0.0.0"

zowe.network.server.tls.maxTls: This is a string stating which TLS version to use as a maximum. The value can be one of "TLSv1.2", "TLSv1.3".
Default: "TLSv1.3"

zowe.network.server.tls.minTls: This is a string stating which TLS version to use as a minimum. The value can be one of "TLSv1.2", "TLSv1.3".
Default: "TLSv1.2"

zowe.network.server.tls.ciphers: This is an array of strings in the format of IANA cipher names. There are many possible values as seen here: https://testssl.sh/openssl-iana.mapping.html
Default: Changes regularly as needed for industry standards. A reference for likely ciphers is here: https://wiki.mozilla.org/Security/Server_Side_TLS

Describe the solution you'd like

zowe:
  network:
    server:
      listenAddresses:
      - "0.0.0.0"
      tls:
        maxTls: "TLSv1.3"
        minTls: "TLSv1.2"
        ciphers:
        - "TLS_AES_128_GCM_SHA256"
        - "TLS_AES_256_GCM_SHA384"
        - "TLS_CHACHA20_POLY1305_SHA256"

Linked docs issue is - zowe/docs-site#3685

balhar-jakub added the enhancement and new labels May 28, 2024

1000TurquoisePogs commented May 30, 2024

Please use this code if it is helpful. I started to make changes for APIML but did not finish, and never figured out how to do ciphers.
Most importantly this will help IPv6 support though!

aef60d4...ca3ee68


1000TurquoisePogs commented Jul 3, 2024

I have updated the branch to include info discovered in #3601.
Perhaps someone would like to test if this branch satisfies this ticket? v2.x.x...feat/use-networking-standard-config

Keep in mind: zowe.yaml defines both client & server customization.
This branch has the following behavior:

server parameters: If component config, use. Else if global config, use. Else default.

client parameters: If component config, use. Else if global config, use. Else if server component config, use. Else if server global config, use. Else default

In effect, one can customize both server & client with server parameters alone, but can customize them separately if ever needed.
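
The fallback order described in the comment above, as an added example that is not code from the linked branch or from Zowe: it resolves `minTls`/`maxTls` for a component's server or client side, records which level each value came from, and rejects a resolved minimum above the maximum. The `components.<name>.zowe.network.<side>.tls` and `zowe.network.client.tls` paths, the per-key fallback, and all function names are assumptions.

```javascript
// Added example. Defaults and allowed values are the ones stated in the issue text.
const DEFAULTS = { minTls: "TLSv1.2", maxTls: "TLSv1.3" };
const ALLOWED = ["TLSv1.2", "TLSv1.3"]; // ordered oldest to newest

// Safe nested lookup: undefined as soon as a path segment is missing.
function dig(obj, path) {
  return path.reduce((o, k) => (o != null && typeof o === "object" ? o[k] : undefined), obj);
}

// Candidate locations for one TLS key, most specific first.
// ASSUMPTION: component overrides sit at components.<name>.zowe.network.<side>.tls
// and client settings at zowe.network.client.tls; the page names only the server keys.
function candidates(component, side, key) {
  const at = (scope, s) => [...scope, "zowe", "network", s, "tls", key];
  const comp = ["components", component];
  const server = [at(comp, "server"), at([], "server")];
  return side === "server" ? server : [at(comp, "client"), at([], "client"), ...server];
}

// Resolve minTls/maxTls for a component, recording where each value came from.
// ASSUMPTION: the fallback is applied per key, not per tls block.
function resolveTls(config, component, side) {
  const out = {};
  for (const key of Object.keys(DEFAULTS)) {
    const hit = candidates(component, side, key)
      .map((p) => ({ value: dig(config, p), source: p.join(".") }))
      .find((c) => c.value !== undefined);
    out[key] = hit || { value: DEFAULTS[key], source: "default" };
    if (!ALLOWED.includes(out[key].value)) {
      throw new Error(`${key}="${out[key].value}" from ${out[key].source} is not an allowed value`);
    }
  }
  // Mixing levels can pair a minimum from one place with a maximum from another.
  if (ALLOWED.indexOf(out.minTls.value) > ALLOWED.indexOf(out.maxTls.value)) {
    throw new Error(`minTls (${out.minTls.source}) is above maxTls (${out.maxTls.source})`);
  }
  return out;
}

// Constructed sample config; the component names are illustrative.
const sampleConfig = {
  zowe: { network: { server: { tls: { minTls: "TLSv1.2", maxTls: "TLSv1.3" } } } },
  components: {
    gateway: { zowe: { network: { server: { tls: { minTls: "TLSv1.3" } } } } },
    discovery: { zowe: { network: { client: { tls: { maxTls: "TLSv1.2" } } } } },
  },
};
console.log(resolveTls(sampleConfig, "gateway", "client"));
```

In the sample, the gateway client inherits `minTls` from the gateway's server block because no client setting exists at either level, which is the "customize both with server parameters alone" behavior the comment describes.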
