Zenoss ZenTech Community

Subject:	Serviced should use crypto
Author:	Jan Garaj
Posted:	2015-07-08 17:19

Serviced should use crypto/tls library - https://golang.org/pkg/crypto/tls/
So it should be TLS 1.2.

Devops Monitoring Expert advice: Dockerize/automate/monitor all the things.

DevOps stack: Docker / Kubernetes / Mesos / Zabbix / Zenoss / Grafana / Puppet / Ansible / Vagrant / Terraform / Elasticsearch

Subject:	Out of the box
Author:	[Not Specified]
Posted:	2015-07-09 08:48

Just confirming but you are saying that out of the box Zenoss 5 uses TLS 1.2 or can newer versions of TLS be also implemented like 1.3 Thanks

Subject:	It depends on Go - https:/
Author:	Jan Garaj
Posted:	2015-07-09 11:20

It depends on Go - https://github.com/golang/go/issues/9671 - now it's unplanned.
But maybe serviced (Go) is only proxy for vhost requests and then SSL is handled by zproxy (nginx). You should to test it - the best engineering method :-D Or check source code - https://github.com/control-center/serviced

Subject:	Tested 1.2
Author:	[Not Specified]
Posted:	2015-07-09 13:07

So I did edit the Nginx-zproxy.conf file from the CC GUI by using nginx config. I tried to enable TLS 1.2 but the problem is I need to add my own certificate/key in there but its on my host server. It detects that I entered new fields but does not see my cert/key because its not in the RM container. I can't even enable 1.2 so I don't want to test 1.3 yet. Do you have any ideas as to how to get a container to see my cert/key if its on host server

Subject:	You can use (serviced)
Author:	Jan Garaj
Posted:	2015-07-10 07:46

You can use (serviced) volumes or you can create new image with your cert/key.
If you have RM (not Core), then ask support - the easiest way.

Subject:	TLS Version
Author:	[Not Specified]
Posted:	2015-07-08 09:38

TLS Version