Comment 1 for bug 1797440

Stéphane Graber (stgraber) wrote :

Well, so most proxies do not intercept TLS and instead let you send "CONNECT" through and connect to the target server, in which case there's no reason for us to compromise on ciphers and allow for a potential downgrade and breaking of PFS.

Since we can't really detect a company proxy which does terminate TLS, I think the best option will be an environment variable.

https://github.com/lxc/lxd/pull/5168

This restricts the scope of this as much as possible and uses an env variable so that the same can apply to client and server. All LXD internal communications (cluster and server to server) will not be respecting this environment variable and will keep enforcing the strict TLS config.
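The scoping described in the comment above, sketched as an added example (not part of the original comment and not LXD's own code). The environment variable name `EXAMPLE_TLS_RELAXED`, the function names, and the choice of which cipher suite counts as "relaxed" are assumptions made for illustration.

```go
package main

import (
	"crypto/tls"
	"fmt"
	"os"
)

// Hypothetical env variable name; the relaxed suite chosen here is also an assumption.
const relaxEnvVar = "EXAMPLE_TLS_RELAXED"
const nonPFSSuite = tls.TLS_RSA_WITH_AES_256_GCM_SHA384 // static RSA key exchange, no PFS

// Forward-secret (ECDHE) AEAD suites; applies to TLS 1.2, Go fixes the TLS 1.3 set.
var pfsSuites = []uint16{
	tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
	tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
}

// strictConfig returns a fresh config so callers never share the suite slice.
func strictConfig() *tls.Config {
	suites := append([]uint16(nil), pfsSuites...)
	return &tls.Config{MinVersion: tls.VersionTLS12, CipherSuites: suites}
}

// externalConfig is for connections that may cross a TLS-terminating proxy.
func externalConfig() *tls.Config {
	cfg := strictConfig()
	if os.Getenv(relaxEnvVar) != "" { // explicit opt-in only
		cfg.CipherSuites = append(cfg.CipherSuites, nonPFSSuite)
	}
	return cfg
}

// internalConfig (cluster, server to server) never consults the environment.
func internalConfig() *tls.Config { return strictConfig() }

// allowsNonPFS reports whether cfg would offer the static-RSA suite.
func allowsNonPFS(cfg *tls.Config) bool {
	for _, s := range cfg.CipherSuites {
		if s == nonPFSSuite {
			return true
		}
	}
	return false
}

func main() {
	fmt.Println("external:", allowsNonPFS(externalConfig()), "internal:", allowsNonPFS(internalConfig()))
}
```

Keeping the internal path on a separate constructor means an operator who sets the variable for a proxy cannot weaken cluster or server-to-server links by accident.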