refactor(pgsql): set the default ssl version to tlsv1.3,tlsv1.2,tlsv1.1

2021-02-04 15:29:00 +08:00 · 2021-02-04 15:29:00 +08:00 · c3642c5c83
parent 7f349d814e
commit c3642c5c83
2 changed files with 10 additions and 10 deletions
--- a/apps/emqx_auth_pgsql/etc/emqx_auth_pgsql.conf
+++ b/apps/emqx_auth_pgsql/etc/emqx_auth_pgsql.conf
@ -39,13 +39,13 @@ auth.pgsql.encoding = utf8
 ## Value: on | off
 auth.pgsql.ssl = off

-## TLS version
-## You can configure multi-version use "," split,
-## default value is :tlsv1.2
-## Example:
-##    tlsv1.1,tlsv1.2,tlsv1.3
+## TLS version.
 ##
-#auth.pgsql.ssl.tls_versions = tlsv1.2
+## Available enum values:
+##    tlsv1.3,tlsv1.2,tlsv1.1,tlsv1
+##
+## Value: String, seperated by ','
+#auth.pgsql.ssl.tls_versions = tlsv1.3,tlsv1.2,tlsv1.1

 ## SSL keyfile.
 ##
--- a/apps/emqx_auth_pgsql/priv/emqx_auth_pgsql.schema
+++ b/apps/emqx_auth_pgsql/priv/emqx_auth_pgsql.schema
@ -36,7 +36,7 @@
 ]}.

 {mapping, "auth.pgsql.ssl.tls_versions", "emqx_auth_pgsql.server", [
-  {default, "tlsv1.2"},
+  {default, "tlsv1.3,tlsv1.2,tlsv1.1"},
  {datatype, string}
 ]}.

@ -92,9 +92,9 @@
  SslOpts = fun(Prefix) ->
                Filter([{keyfile,    cuttlefish:conf_get(Prefix ++ ".keyfile", Conf, undefined)},
                        {certfile,   cuttlefish:conf_get(Prefix ++ ".certfile", Conf, undefined)},
-                        {cacertfile, cuttlefish:conf_get(Prefix ++ ".cacertfile", Conf, undefined),
+                        {cacertfile, cuttlefish:conf_get(Prefix ++ ".cacertfile", Conf, undefined)},
                        {versions, [list_to_existing_atom(Value)
-                                    ||Value <- string:tokens(cuttlefish:conf_get(Prefix ++ ".tls_versions", Conf), " ,")]}}])
+                                    || Value <- string:tokens(cuttlefish:conf_get(Prefix ++ ".tls_versions", Conf), " ,")]}])
            end,

  %% FIXME: compatible with 4.0-4.2 version format, plan to delete in 5.0