Documentation: cipher-list can be delimited by more than : #634

Closed
JakeChampion opened this issue Sep 7, 2022 · 1 comment · Fixed by #636

Comments

@JakeChampion
Contributor

The Fastly CLI currently states that the cipher-list delimiter is `:`

```go
c.CmdClause.Flag("ssl-ciphers", "Colon delimited list of OpenSSL ciphers (see https://www.openssl.org/docs/man1.0.2/man1/ciphers for details)").StringVar(&c.input.SSLCiphers)
```

However, the OpenSSL cipher-list has multiple characters which can be used as delimiters; it is even allowed to use any combination of them in a single definition.

The characters which can be used as delimiters are:

  • (space)
  • , (comma)
  • : (colon)

I've confirmed these are valid for OpenSSL with this command:

```
❯ openssl ciphers -v 'NULL-MD5 !RC4:MD5,RC4'

TLS_AES_256_GCM_SHA384  TLSv1.3 Kx=any      Au=any  Enc=AESGCM(256) Mac=AEAD
TLS_CHACHA20_POLY1305_SHA256 TLSv1.3 Kx=any      Au=any  Enc=CHACHA20/POLY1305(256) Mac=AEAD
TLS_AES_128_GCM_SHA256  TLSv1.3 Kx=any      Au=any  Enc=AESGCM(128) Mac=AEAD
NULL-MD5                SSLv3 Kx=RSA      Au=RSA  Enc=None      Mac=MD5
```

I've also confirmed these are valid for Fastly via the Fastly UI and the Fastly API:

```
❯ curl "https://api.fastly.com/service/1VxyHybBr9aIdijjQcstzN/version/2/backend/fastly" \
-X PUT \
-H 'Accept: application/vnd.api+json;q=1.0,application/json;q=0.9' \
-H 'Content-Type: application/json; charset=UTF-8' \
-H "fastly-key: $FASTLY_KEY" \
--data-raw '{"address":"fastly.com","auto_loadbalance":"0","between_bytes_timeout":10000,"connect_timeout":1000,"error_threshold":0,"first_byte_timeout":15000,"healthcheck":"","max_conn":200,"max_tls_version":"1.1","min_tls_version":"1.0","name":"fastly","override_host":null,"port":443,"request_condition":"","shield":"","ssl_ca_cert":null,"ssl_cert_hostname":"example.com","ssl_check_cert":"1","ssl_ciphers":"NULL-MD5 !RC4:MD5,RC4","ssl_client_cert":null,"ssl_client_key":null,"ssl_sni_hostname":"example.com","use_ssl":"1"}'
```

```json
{"ipv6":null,"healthcheck":"","error_threshold":0,"client_cert":null,"shield":"","ipv4":null,"ssl_check_cert":true,"max_tls_version":"1.1","override_host":null,"created_at":"2022-09-05T12:22:11Z","weight":100,"ssl_ciphers":"NULL-MD5 !RC4:MD5,RC4","ssl_hostname":null,"updated_at":"2022-09-07T12:00:11Z","request_condition":"","comment":"","ssl_cert_hostname":"example.com","deleted_at":null,"ssl_client_key":null,"auto_loadbalance":false,"use_ssl":true,"service_id":"1VxyHybBr9aIdijjQcstzN","connect_timeout":1000,"ssl_sni_hostname":"example.com","address":"fastly.com","ssl_client_cert":null,"name":"fastly","ssl_ca_cert":null,"version":2,"hostname":"fastly.com","min_tls_version":"1.0","max_conn":200,"between_bytes_timeout":10000,"first_byte_timeout":15000,"port":443}
```
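
An added example, not code from this issue or from the Fastly CLI: it tokenises a cipher list on any mix of the three delimiters described above, re-emits it colon-delimited, and flags add-entries that name NULL, RC4 or MD5 or that repeat a `!`-deleted string. `Rule`, `ParseCipherList`, `Review` and the `weakRe` keyword pattern are names and choices assumed here for illustration.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Rule is one cipher-list entry: an optional operator ("!", "-", "+") and a name.
type Rule struct{ Op, Name string }

var weakRe = regexp.MustCompile("NULL|RC4|MD5") // constructed keyword set, not exhaustive

// ParseCipherList splits on any mix of the three separators (space, comma,
// colon) and peels a leading operator off each entry.
func ParseCipherList(s string) []Rule {
	var rules []Rule
	isSep := func(r rune) bool { return r == ' ' || r == ',' || r == ':' }
	for _, tok := range strings.FieldsFunc(s, isSep) {
		r := Rule{Name: tok}
		// Only a leading !, - or + is an operator; "NULL-MD5" keeps its hyphen.
		if len(tok) > 1 && strings.ContainsRune("!-+", rune(tok[0])) {
			r.Op, r.Name = tok[:1], tok[1:]
		}
		rules = append(rules, r)
	}
	return rules
}

// Review returns the colon-only form, the add-entries naming a weak primitive,
// and the add-entries repeating a "!"-deleted string (OpenSSL never re-adds those).
func Review(rules []Rule) (canonical string, weak, dead []string) {
	killed := map[string]bool{}
	var parts []string
	for _, r := range rules {
		parts = append(parts, r.Op+r.Name)
		switch {
		case r.Op == "!":
			killed[r.Name] = true
		case r.Op == "" && killed[r.Name]:
			dead = append(dead, r.Name)
		case r.Op == "" && weakRe.MatchString(r.Name):
			weak = append(weak, r.Name)
		}
	}
	return strings.Join(parts, ":"), weak, dead
}

func main() { fmt.Println(Review(ParseCipherList("NULL-MD5 !RC4:MD5,RC4"))) }
```

The dead-entry check compares strings exactly, so it catches `RC4` after `!RC4` but does not expand aliases the way `openssl ciphers -v` does.
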
@Integralist
Collaborator

Thanks @JakeChampion. We can just update the flag description to be:

List of OpenSSL ciphers (https://www.openssl.org/docs/man1.0.2/man1/ciphers)
