TLS option changes#901
Conversation
Replace `ssl_disabled_ciphers` and `tls_disabled_versions` with `tls_ciphers` and `tls_min_version`. A companion to theforeman/smart-proxy@67f34e2
|
Looks like GHAs are having a moment. |
| Array[String] $trusted_hosts = $foreman_proxy::params::trusted_hosts, | ||
| Array[String] $ssl_disabled_ciphers = [], | ||
| Array[String] $tls_disabled_versions = [], | ||
| Optional[String] $tls_ciphers = undef, |
There was a problem hiding this comment.
Just out of curiosity: how do we deal with this during upgrades?..
There was a problem hiding this comment.
I added a changelog entry marking this as a breaking change. A bit heavy handed, but better than nothing.
I could also open a PR against the installer to add a migration to remove the old value from the stored answers, but I'm not sure if that's necessary.
There was a problem hiding this comment.
I added a changelog entry marking this as a breaking change. A bit heavy handed, but better than nothing.
I'd also suggest a changelog entry in https://github.com/theforeman/foreman-documentation/blob/master/guides/doc-Release_Notes/topics/foreman.adoc. Those are a bit more visible to users.
I could also open a PR against the installer to add a migration to remove the old value from the stored answers, but I'm not sure if that's necessary.
IIRC the installer (or really, Kafo) automatically removes keys that no longer exist. The only reason you'd need a migration is to convert the old value to the new. I don't think it's really feasible to do so and an explicit release note is IMHO good enough.
Replace
ssl_disabled_ciphersandtls_disabled_versionswithtls_ciphersandtls_min_version.A companion to theforeman/smart-proxy#947