yuanbiao
/
emqx
1
0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

docs: update description of TLS options incompatible with v1.3

This commit is contained in:
Ivan Dyachkov 2023-06-08 15:26:15 +02:00
parent 0e0d7c10a5
commit 0434e6c6c3
1 changed files with 8 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
rel/i18n/emqx_schema.hocon
View File

@ -92,7 +92,8 @@ mqtt_max_topic_alias.label:
"""Max Topic Alias""" """Max Topic Alias"""
common_ssl_opts_schema_user_lookup_fun.desc: common_ssl_opts_schema_user_lookup_fun.desc:
"""EMQX-internal callback that is used to lookup pre-shared key (PSK) identity.""" """EMQX-internal callback that is used to lookup pre-shared key (PSK) identity.</br>
Has no effect when TLS version is configured (or negotiated) to 1.3"""
common_ssl_opts_schema_user_lookup_fun.label: common_ssl_opts_schema_user_lookup_fun.label:
"""SSL PSK user lookup fun""" """SSL PSK user lookup fun"""
@ -1240,7 +1241,8 @@ The SSL application already takes measures to counter-act such attempts,
but client-initiated renegotiation can be strictly disabled by setting this option to false. but client-initiated renegotiation can be strictly disabled by setting this option to false.
The default value is true. Note that disabling renegotiation can result in The default value is true. Note that disabling renegotiation can result in
long-lived connections becoming unusable due to limits on long-lived connections becoming unusable due to limits on
the number of messages the underlying cipher suite can encipher.""" the number of messages the underlying cipher suite can encipher.</br>
Has no effect when TLS version is configured (or negotiated) to 1.3"""
server_ssl_opts_schema_client_renegotiation.label: server_ssl_opts_schema_client_renegotiation.label:
"""SSL client renegotiation""" """SSL client renegotiation"""
@ -1326,7 +1328,8 @@ common_ssl_opts_schema_secure_renegotiate.desc:
"""SSL parameter renegotiation is a feature that allows a client and a server """SSL parameter renegotiation is a feature that allows a client and a server
to renegotiate the parameters of the SSL connection on the fly. to renegotiate the parameters of the SSL connection on the fly.
RFC 5746 defines a more secure way of doing this. By enabling secure renegotiation, RFC 5746 defines a more secure way of doing this. By enabling secure renegotiation,
you drop support for the insecure renegotiation, prone to MitM attacks.""" you drop support for the insecure renegotiation, prone to MitM attacks.</br>
Has no effect when TLS version is configured (or negotiated) to 1.3"""
common_ssl_opts_schema_secure_renegotiate.label: common_ssl_opts_schema_secure_renegotiate.label:
"""SSL renegotiate""" """SSL renegotiate"""
@ -1361,7 +1364,8 @@ mqtt_max_packet_size.label:
"""Max Packet Size""" """Max Packet Size"""
common_ssl_opts_schema_reuse_sessions.desc: common_ssl_opts_schema_reuse_sessions.desc:
"""Enable TLS session reuse.""" """Enable TLS session reuse.</br>
Has no effect when TLS version is configured (or negotiated) to 1.3"""
common_ssl_opts_schema_reuse_sessions.label: common_ssl_opts_schema_reuse_sessions.label:
"""TLS session reuse""" """TLS session reuse"""