Standardize HTTPS configuration for all Zowe servers #1875

Open
1000TurquoisePogs opened this issue Mar 30, 2023 · 4 comments
Labels
Epic TSC Technical Steering Committee
@1000TurquoisePogs
Member

1000TurquoisePogs commented Mar 30, 2023

The built-in TLS capabilities of each Zowe server vary considerably; they can vary by capability, but also by the ways in which the capabilities are configured.

Consider these scenarios. How would a user configure all of Zowe's servers to:

  • Limit the minimum TLS version used
  • Limit the maximum TLS version used
  • Limit the ciphers used
  • Limit the curves used
  • State which IP/hostname(s) to bind to (including IPv4 vs. IPv6)

Documentation may not exist for several servers, and perhaps some do not even support customizing these things.
Even if they do support and document how to customize these, there would be different ways for each server because the codebases are not unified with regard to this. There are Java ways to do things, there are Node.js ways to do things, etc.

Solution:

  • Create a standard area within zowe.yaml's "zowe" section which details the defaults for HTTPS settings, such as but not limited to the above cases.
  • Create a standard area within each "component" section of zowe.yaml such that each component could have overrides.
  • Document these in the Zowe schema
  • Enhance our servers to utilize this information when available. Note: configmgr templating could be used to assign already-existing configuration parameters of our servers to these new standards, so that the enhancement could be reduced to configuration default changes rather than code changes, if desired.
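
The defaults-plus-overrides resolution proposed above, as an added example that is not part of the original issue or of Zowe's code. The key names (`tls`, `minTls`, `maxTls`, `ciphers`) and the sample configuration are hypothetical placeholders rather than the Zowe schema, and the config is a plain dict so the sketch runs without a YAML parser.

```python
import ssl

# Constructed sample. Key names ("tls", "minTls", "maxTls", "ciphers") are
# hypothetical placeholders, not the Zowe schema.
CONFIG = {
    "zowe": {"tls": {"minTls": "TLSv1.2", "maxTls": "TLSv1.3",
                     "ciphers": ["ECDHE-RSA-AES256-GCM-SHA384"]}},
    "components": {
        "gateway": {"tls": {"minTls": "TLSv1.3"}},  # stricter override
        "app-server": {},                            # inherits the defaults
    },
}

VERSIONS = {"TLSv1.2": ssl.TLSVersion.TLSv1_2, "TLSv1.3": ssl.TLSVersion.TLSv1_3}


def effective_tls(config, component):
    """Merge the global defaults with one component's overrides."""
    merged = dict(config.get("zowe", {}).get("tls", {}))
    merged.update(config.get("components", {}).get(component, {}).get("tls", {}))
    for key in ("minTls", "maxTls"):
        if merged.get(key) not in VERSIONS:
            raise ValueError(f"{component}: unsupported {key} {merged.get(key)!r}")
    # An override can silently invert the range; reject it before a server starts.
    if VERSIONS[merged["minTls"]] > VERSIONS[merged["maxTls"]]:
        raise ValueError(f"{component}: minTls is higher than maxTls")
    return merged


def build_context(settings):
    """Apply resolved settings to a server-side SSLContext (no cert loaded here)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = VERSIONS[settings["minTls"]]
    ctx.maximum_version = VERSIONS[settings["maxTls"]]
    if settings.get("ciphers"):
        # OpenSSL cipher string; governs TLS 1.2 and below, not TLS 1.3 suites.
        ctx.set_ciphers(":".join(settings["ciphers"]))
    return ctx


if __name__ == "__main__":
    for name in CONFIG["components"]:
        print(name, effective_tls(CONFIG, name))
```

A Java or Node.js server would need the same merge and range check, mapped onto its own TLS API.
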
@1000TurquoisePogs
Member Author

Note an older issue on the subject zowe/zowe-install-packaging#1951

@1000TurquoisePogs
Member Author

I started some work here zowe/zowe-install-packaging#3356 but would be happy if others picked it up or gave feedback, because it's something I was only working on with spare time at the moment.

@1000TurquoisePogs
Member Author

This did occur in code at https://github.com/zowe/zowe-install-packaging/blob/v3.x/staging/example-zowe.yaml#L352
The documentation on the subject is already in draft form at zowe/docs-site#3685

What else do we want to say about this subject?
Developer/Extender resources?

@balhar-jakub
Member

I think we are ok with these changes to close this one.
