Sachin,
thanks for your fast answer!
Exposing SSL/TLS configuration is an absolute must if your application supports or depends on it.
In my opinion the bare minimum would be configuration parameters for:
* Certificate * Private Key * TLS protocols * TLS cipher string * verification of server certificates * verification of client certificates
And these should be implemented and documented for all contrail services using TLS for communication.
https://bettercrypto.org/static/applied-crypto-hardening.pdf offers a concise overview of TLS configuration parameters in other services if you need examples.
all the best, Michael
Sachin,
thanks for your fast answer!
Exposing SSL/TLS configuration is an absolute must if your application supports or depends on it.
In my opinion the bare minimum would be configuration parameters for:
* Certificate
* Private Key
* TLS protocols
* TLS cipher string
* verification of server certificates
* verification of client certificates
And these should be implemented and documented for all contrail services using TLS for communication.
https:/ /bettercrypto. org/static/ applied- crypto- hardening. pdf offers a concise overview of TLS configuration parameters in other services if you need examples.
all the best,
Michael