From e34470f9f2e045f76ee4012788c16a6b4b130870 Mon Sep 17 00:00:00 2001
From: William Yang <mscame@gmail.com>
Date: Tue, 15 Jun 2021 09:23:11 +0200
Subject: [PATCH] feat(quic): remove unsupported configs.

---
 apps/emqx/etc/emqx.conf | 262 +++++++++-------------------------------
 1 file changed, 60 insertions(+), 202 deletions(-)

diff --git a/apps/emqx/etc/emqx.conf b/apps/emqx/etc/emqx.conf
index b115964cf..f9c1d26ff 100644
--- a/apps/emqx/etc/emqx.conf
+++ b/apps/emqx/etc/emqx.conf
@@ -2184,43 +2184,21 @@ listener.quic.external.max_connections = 16
 ## Value: Number
 listener.quic.external.max_conn_rate = 1000
 
-# ## Simulate the {active, N} option for the MQTT/QUIC connections.
-# ##
-# ## Value: Number
-# listener.quic.external.active_n = 100
+## Simulate the {active, N} option for the MQTT/QUIC connections.
+## @todo
+## Value: Number
+## listener.quic.external.active_n = 100
 
 ## Zone of the external MQTT/QUIC listener belonged to.
 ##
 ## Value: String
 listener.quic.external.zone = external
 
-# ## The access control rules for the MQTT/QUIC listener.
-# ##
-# ## See: listener.tcp.$name.access.<no>
-# ##
-# ## Value: ACL Rule
-# listener.quic.external.access.1 = "allow all"
-
-# ## Sets the timeout for proxy protocol.
-# ##
-# ## See: listener.tcp.$name.proxy_protocol_timeout
-# ##
-# ## Value: Duration
-# ## listener.quic.external.proxy_protocol_timeout = 3s
-
-# ## TLS versions only to protect from POODLE attack.
-# ##
-# ## See: listener.ssl.$name.tls_versions
-# ##
-# ## Value: String, seperated by ','
-# ## NOTE: Do not use tlsv1.3 if emqx is running on OTP-22 or earlier
-# ## listener.quic.external.tls_versions = tlsv1.3,tlsv1.2,tlsv1.1,tlsv1
-
-# ## Path to the file containing the user's private PEM-encoded key.
-# ##
-# ## See: listener.ssl.$name.keyfile
-# ##
-# ## Value: File
+## Path to the file containing the user's private PEM-encoded key.
+##
+## See: listener.ssl.$name.keyfile
+##
+## Value: File
 listener.quic.external.keyfile = "{{ platform_etc_dir }}/certs/key.pem"
 
 ## Path to a file containing the user certificate.
@@ -2230,214 +2208,94 @@ listener.quic.external.keyfile = "{{ platform_etc_dir }}/certs/key.pem"
 ## Value: File
 listener.quic.external.certfile = "{{ platform_etc_dir }}/certs/cert.pem"
 
-# ## Path to the file containing PEM-encoded CA certificates.
-# ##
-# ## See: listener.ssl.$name.cacert
-# ##
-# ## Value: File
-# ## listener.quic.external.cacertfile = {{ platform_etc_dir }}/certs/cacert.pem
+## Path to the file containing PEM-encoded CA certificates.
+## @todo
+## See: listener.ssl.$name.cacert
+##
+## Value: File
+## listener.quic.external.cacertfile = {{ platform_etc_dir }}/certs/cacert.pem
 
-# ## Maximum number of non-self-issued intermediate certificates that
-# ## can follow the peer certificate in a valid certification path.
-# ##
-# ## See: listener.ssl.external.depth
-# ##
-# ## Value: Number
-# ## listener.quic.external.depth = 10
+## String containing the user's password. Only used if the private keyfile
+## is password-protected.
+## @todo
+## See: listener.ssl.$name.key_password
+##
+## Value: String
+## listener.quic.external.key_password = yourpass
 
-# ## String containing the user's password. Only used if the private keyfile
-# ## is password-protected.
-# ##
-# ## See: listener.ssl.$name.key_password
-# ##
-# ## Value: String
-# ## listener.quic.external.key_password = yourpass
+## See: listener.ssl.$name.verify
+## @todo
+## Value: verify_peer | verify_none
+## listener.quic.external.verify = verify_peer
 
-# ## See: listener.ssl.$name.dhfile
-# ##
-# ## Value: File
-# ## listener.ssl.external.dhfile = {{ platform_etc_dir }}/certs/dh-params.pem
+## See: listener.ssl.$name.fail_if_no_peer_cert
+## @todo
+## Value: false | true
+## listener.quic.external.fail_if_no_peer_cert = true
 
-# ## See: listener.ssl.$name.verify
-# ##
-# ## Value: verify_peer | verify_none
-# ## listener.quic.external.verify = verify_peer
+## See: listener.ssl.$name.ciphers
+## @todo
+## Value: Ciphers
+listener.quic.external.ciphers = "TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256,TLS_CHACHA20_POLY1305_SHA256"
 
-# ## See: listener.ssl.$name.fail_if_no_peer_cert
-# ##
-# ## Value: false | true
-# ## listener.quic.external.fail_if_no_peer_cert = true
+## Ciphers for TLS PSK.
+## @todo
+## Note that 'listener.quic.external.ciphers' and 'listener.quic.external.psk_ciphers' cannot
+## be configured at the same time.
+## See 'https://tools.ietf.org/html/rfc4279#section-2'.
+## listener.quic.external.psk_ciphers = PSK-AES128-CBC-SHA,PSK-AES256-CBC-SHA,PSK-3DES-EDE-CBC-SHA,PSK-RC4-SHA
 
-# ## See: listener.ssl.$name.ciphers
-# ##
-# ## Value: Ciphers
-listener.quic.external.ciphers = "TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256,TLS_CHACHA20_POLY1305_SHA256,TLS_AES_128_CCM_SHA256,TLS_AES_128_CCM_8_SHA256,ECDHE-ECDSA-AES256-GCM-SHA384,ECDHE-RSA-AES256-GCM-SHA384,ECDHE-ECDSA-AES256-SHA384,ECDHE-RSA-AES256-SHA384,ECDHE-ECDSA-DES-CBC3-SHA,ECDH-ECDSA-AES256-GCM-SHA384,ECDH-RSA-AES256-GCM-SHA384,ECDH-ECDSA-AES256-SHA384,ECDH-RSA-AES256-SHA384,DHE-DSS-AES256-GCM-SHA384,DHE-DSS-AES256-SHA256,AES256-GCM-SHA384,AES256-SHA256,ECDHE-ECDSA-AES128-GCM-SHA256,ECDHE-RSA-AES128-GCM-SHA256,ECDHE-ECDSA-AES128-SHA256,ECDHE-RSA-AES128-SHA256,ECDH-ECDSA-AES128-GCM-SHA256,ECDH-RSA-AES128-GCM-SHA256,ECDH-ECDSA-AES128-SHA256,ECDH-RSA-AES128-SHA256,DHE-DSS-AES128-GCM-SHA256,DHE-DSS-AES128-SHA256,AES128-GCM-SHA256,AES128-SHA256,ECDHE-ECDSA-AES256-SHA,ECDHE-RSA-AES256-SHA,DHE-DSS-AES256-SHA,ECDH-ECDSA-AES256-SHA,ECDH-RSA-AES256-SHA,AES256-SHA,ECDHE-ECDSA-AES128-SHA,ECDHE-RSA-AES128-SHA,DHE-DSS-AES128-SHA,ECDH-ECDSA-AES128-SHA,ECDH-RSA-AES128-SHA,AES128-SHA"
+## See: listener.ssl.$name.honor_cipher_order
+## @todo
+## Value: on | off
+## listener.quic.external.honor_cipher_order = on
 
-# ## Ciphers for TLS PSK.
-# ## Note that 'listener.quic.external.ciphers' and 'listener.quic.external.psk_ciphers' cannot
-# ## be configured at the same time.
-# ## See 'https://tools.ietf.org/html/rfc4279#section-2'.
-# ## listener.quic.external.psk_ciphers = PSK-AES128-CBC-SHA,PSK-AES256-CBC-SHA,PSK-3DES-EDE-CBC-SHA,PSK-RC4-SHA
-
-# ## See: listener.ssl.$name.secure_renegotiate
-# ##
-# ## Value: on | off
-# ## listener.quic.external.secure_renegotiate = off
-
-# ## See: listener.ssl.$name.reuse_sessions
-# ##
-# ## Value: on | off
-# ## listener.quic.external.reuse_sessions = on
-
-# ## See: listener.ssl.$name.honor_cipher_order
-# ##
-# ## Value: on | off
-# ## listener.quic.external.honor_cipher_order = on
-
-# ## See: listener.ssl.$name.peer_cert_as_username
-# ##
-# ## Value: cn | dn | crt | pem | md5
-# ## listener.quic.external.peer_cert_as_username = cn
-
-# ## See: listener.ssl.$name.peer_cert_as_clientid
-# ##
-# ## Value: cn | dn | crt | pem | md5
-# ## listener.quic.external.peer_cert_as_clientid = cn
-
-# ## TCP backlog for the QUIC connection.
-# ##
-# ## See: listener.tcp.$name.backlog
-# ##
-# ## Value: Number >= 0
-# listener.quic.external.backlog = 1024
-
-# ## The TCP send timeout for the QUIC connection.
-# ##
-# ## See: listener.tcp.$name.send_timeout
-# ##
-# ## Value: Duration
+## The send timeout for the QUIC stream.
+## @todo
+##
+## Value: Duration
 # listener.quic.external.send_timeout = 15s
 
-# ## Close the QUIC connection if send timeout.
-# ##
-# ## See: listener.tcp.$name.send_timeout_close
-# ##
-# ## Value: on | off
-# listener.quic.external.send_timeout_close = on
-
-## The TCP receive buffer(os kernel) for the QUIC connections.
+## Close the QUIC connection if send timeout.
+## @todo
+## See: listener.tcp.$name.send_timeout_close
 ##
+## Value: on | off
+## listener.quic.external.send_timeout_close = on
+
+## The receive buffer for the QUIC connections.
+## @todo
 ## See: listener.tcp.$name.recbuf
 ##
 ## Value: Bytes
 ## listener.quic.external.recbuf = 4KB
 
 ## The TCP send buffer(os kernel) for the QUIC connections.
-##
+## @todo
 ## See: listener.tcp.$name.sndbuf
 ##
 ## Value: Bytes
 ## listener.quic.external.sndbuf = 4KB
 
 ## The size of the user-level software buffer used by the driver.
-##
+## @todo
 ## See: listener.tcp.$name.buffer
 ##
 ## Value: Bytes
 ## listener.quic.external.buffer = 4KB
 
-## The TCP_NODELAY flag for QUIC connections.
-##
-## See: listener.tcp.$name.nodelay
-##
-## Value: true | false
-## listener.quic.external.nodelay = true
-
-## The compress flag for external QUIC connections.
-##
-## If this Value is set true,the websocket message would be compressed
-##
-## Value: true | false
-## listener.quic.external.compress = true
-
-## The level of deflate options for external QUIC connections.
-##
-## See: listener.quic.$name.deflate_opts.level
-##
-## Value: none | default | best_compression | best_speed
-## listener.quic.external.deflate_opts.level = default
-
-## The mem_level of deflate options for external QUIC connections.
-##
-## See: listener.quic.$name.deflate_opts.mem_level
-##
-## Valid range is 1-9
-## listener.quic.external.deflate_opts.mem_level = 8
-
-## The strategy of deflate options for external QUIC connections.
-##
-## See: listener.quic.$name.deflate_opts.strategy
-##
-## Value: default | filtered | huffman_only | rle
-## listener.quic.external.deflate_opts.strategy = default
-
-## The deflate option for external QUIC connections.
-##
-## See: listener.quic.$name.deflate_opts.server_context_takeover
-##
-## Value: takeover | no_takeover
-## listener.quic.external.deflate_opts.server_context_takeover = takeover
-
-## The deflate option for external QUIC connections.
-##
-## See: listener.quic.$name.deflate_opts.client_context_takeover
-##
-## Value: takeover | no_takeover
-## listener.quic.external.deflate_opts.client_context_takeover = takeover
-
-## The deflate options for external QUIC connections.
-##
-## See: listener.quic.$name.deflate_opts.server_max_window_bits
-##
-## Valid range is 8-15
-## listener.quic.external.deflate_opts.server_max_window_bits = 15
-
-## The deflate options for external QUIC connections.
-##
-## See: listener.quic.$name.deflate_opts.client_max_window_bits
-##
-## Valid range is 8-15
-## listener.quic.external.deflate_opts.client_max_window_bits = 15
-
 ## The idle timeout for external QUIC connections.
-##
+## @todo
 ## See: listener.quic.$name.idle_timeout
 ##
 ## Value: Duration
 ## listener.quic.external.idle_timeout = 60s
 
 ## The max frame size for external QUIC connections.
-##
+## @todo
 ## Value: Number
 ## listener.quic.external.max_frame_size = 0
 
-## Whether a WebSocket message is allowed to contain multiple MQTT packets
-##
-## Value: single | multiple
-#listener.quic.external.mqtt_piggyback = multiple
-## Enable origin check in header for secure websocket connection
-##
-## Value: true | false (default false)
-#listener.quic.external.check_origin_enable = false
-## Allow origin to be absent in header in secure websocket connection  when check_origin_enable is true
-##
-## Value: true | false (default true)
-#listener.quic.external.allow_origin_absence = true
-## Comma separated list of allowed origin in header for secure websocket connection
-##
-## Value: http://url eg. https://localhost:8084, https://127.0.0.1:8084
-#listener.quic.external.check_origins = "https://localhost:8084, https://127.0.0.1:8084"
-
 ## CONFIG_SECTION_END=listeners ================================================
 
 ## CONFIG_SECTION_BGN=modules ==================================================