[ceph-users] Re: TLS 1.2 for dashboard
Understood, thank you. On Thu, Jan 25, 2024, 20:24 Sake Ceph wrote: > I would say drop it for squid release or if you keep it in squid, but > going to disable it in a minor release later, please make a note in the > release notes if the option is being removed. > Just my 2 cents :) > > Best regards, > Sake > > ___ ceph-users mailing list -- ceph-users@ceph.io To unsubscribe send an email to ceph-users-le...@ceph.io
[ceph-users] Re: TLS 1.2 for dashboard
I would say drop it for squid release or if you keep it in squid, but going to disable it in a minor release later, please make a note in the release notes if the option is being removed. Just my 2 cents :) Best regards, Sake ___ ceph-users mailing list -- ceph-users@ceph.io To unsubscribe send an email to ceph-users-le...@ceph.io
[ceph-users] Re: TLS 1.2 for dashboard
Ah okay, thanks for the clarification. In that case, probably we'll need to keep this 1.2 fix for squid i guess. I'll check and will update as necessary. On Thu, Jan 25, 2024, 20:12 Sake Ceph wrote: > Hi Nizamudeen, > > Thank you for your quick response! > > The load balancers support TLS 1.3, but the administrators need to > reconfigure the healthchecks. The only problem, it's a global change for > all load balancers... So not something they change overnight and need to > plan/test for. > > Best regards, > Sake > > > Op 25-01-2024 15:22 CET schreef Nizamudeen A : > > > > > > Hi, > > > > I'll re-open the PR and will merge it to Quincy. Btw i want to know if > the load balancers will be supporting tls 1.3 in future. Because we were > planning to completely drop the tls1.2 support from dashboard because of > security reasons. (But so far we are planning to keep it as it is atleast > for the older releases) > > > > Regards, > > Nizam > > > > > > On Thu, Jan 25, 2024, 19:41 Sake Ceph wrote: > > > After upgrading to 17.2.7 our load balancers can't check the status of > the manager nodes for the dashboard. After some troubleshooting I noticed > only TLS 1.3 is availalbe for the dashboard. > > > > > > Looking at the source (quincy), TLS config got changed from 1.2 to > 1.3. Searching in the tracker I found out that we are not the only one with > troubles and there will be added an option to the dashboard config. Tracker > ID 62940 got backports and the ones for reef and pacific already merged. > But the pull request (63068) for Quincy is closed :( > > > > > > What to do? I hope this one can get merged for 17.2.8. > > > ___ > > > ceph-users mailing list -- ceph-users@ceph.io > > > To unsubscribe send an email to ceph-users-le...@ceph.io > > > > > > > > ___ ceph-users mailing list -- ceph-users@ceph.io To unsubscribe send an email to ceph-users-le...@ceph.io
[ceph-users] Re: TLS 1.2 for dashboard
Hi Nizamudeen, Thank you for your quick response! The load balancers support TLS 1.3, but the administrators need to reconfigure the healthchecks. The only problem, it's a global change for all load balancers... So not something they change overnight and need to plan/test for. Best regards, Sake > Op 25-01-2024 15:22 CET schreef Nizamudeen A : > > > Hi, > > I'll re-open the PR and will merge it to Quincy. Btw i want to know if the > load balancers will be supporting tls 1.3 in future. Because we were planning > to completely drop the tls1.2 support from dashboard because of security > reasons. (But so far we are planning to keep it as it is atleast for the > older releases) > > Regards, > Nizam > > > On Thu, Jan 25, 2024, 19:41 Sake Ceph wrote: > > After upgrading to 17.2.7 our load balancers can't check the status of the > > manager nodes for the dashboard. After some troubleshooting I noticed only > > TLS 1.3 is availalbe for the dashboard. > > > > Looking at the source (quincy), TLS config got changed from 1.2 to 1.3. > > Searching in the tracker I found out that we are not the only one with > > troubles and there will be added an option to the dashboard config. Tracker > > ID 62940 got backports and the ones for reef and pacific already merged. > > But the pull request (63068) for Quincy is closed :( > > > > What to do? I hope this one can get merged for 17.2.8. > > ___ > > ceph-users mailing list -- ceph-users@ceph.io > > To unsubscribe send an email to ceph-users-le...@ceph.io > > > > ___ ceph-users mailing list -- ceph-users@ceph.io To unsubscribe send an email to ceph-users-le...@ceph.io
[ceph-users] Re: TLS 1.2 for dashboard
Hi, I'll re-open the PR and will merge it to Quincy. Btw i want to know if the load balancers will be supporting tls 1.3 in future. Because we were planning to completely drop the tls1.2 support from dashboard because of security reasons. (But so far we are planning to keep it as it is atleast for the older releases) Regards, Nizam On Thu, Jan 25, 2024, 19:41 Sake Ceph wrote: > After upgrading to 17.2.7 our load balancers can't check the status of the > manager nodes for the dashboard. After some troubleshooting I noticed only > TLS 1.3 is availalbe for the dashboard. > > Looking at the source (quincy), TLS config got changed from 1.2 to 1.3. > Searching in the tracker I found out that we are not the only one with > troubles and there will be added an option to the dashboard config. Tracker > ID 62940 got backports and the ones for reef and pacific already merged. > But the pull request (63068) for Quincy is closed :( > > What to do? I hope this one can get merged for 17.2.8. > ___ > ceph-users mailing list -- ceph-users@ceph.io > To unsubscribe send an email to ceph-users-le...@ceph.io > > ___ ceph-users mailing list -- ceph-users@ceph.io To unsubscribe send an email to ceph-users-le...@ceph.io
