baalajimaestro/traefik
1
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity

Improve ciphersuite examples

Browse source
This commit is contained in:
Constantin Stan 2019-10-08 14:38:04 +02:00 committed by Traefiker Bot
parent 76ead096aa
commit c87a37f804
2 changed files with 39 additions and 13 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

30
docs/content/migration/v1-to-v2.md
View file

@ -204,7 +204,11 @@ Then, a [router's TLS field](../routing/routers/index.md#tls) can refer to one o
minVersion = "VersionTLS12" minVersion = "VersionTLS12"
cipherSuites = [ cipherSuites = [
"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
"TLS_RSA_WITH_AES_256_GCM_SHA384" "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305",
"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305",
"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
] ]
[[entryPoints.web-secure.tls.certificates]] [[entryPoints.web-secure.tls.certificates]]
certFile = "path/to/my.cert" certFile = "path/to/my.cert"
@ -212,7 +216,7 @@ Then, a [router's TLS field](../routing/routers/index.md#tls) can refer to one o
``` ```
```bash tab="CLI" ```bash tab="CLI"
--entryPoints='Name:web-secure Address::443 TLS:path/to/my.cert,path/to/my.key TLS.MinVersion:VersionTLS12 TLS.CipherSuites:TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA384' --entryPoints='Name:web-secure Address::443 TLS:path/to/my.cert,path/to/my.key TLS.MinVersion:VersionTLS12 TLS.CipherSuites:TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256'
``` ```
!!! info "v2" !!! info "v2"
@ -238,8 +242,12 @@ Then, a [router's TLS field](../routing/routers/index.md#tls) can refer to one o
[tls.options.myTLSOptions] [tls.options.myTLSOptions]
minVersion = "VersionTLS13" minVersion = "VersionTLS13"
cipherSuites = [ cipherSuites = [
"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
"TLS_RSA_WITH_AES_256_GCM_SHA384" "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305",
"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305",
"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
] ]
``` ```
@ -261,8 +269,11 @@ Then, a [router's TLS field](../routing/routers/index.md#tls) can refer to one o
myTLSOptions: myTLSOptions:
minVersion: VersionTLS13 minVersion: VersionTLS13
cipherSuites: cipherSuites:
- TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
- TLS_RSA_WITH_AES_256_GCM_SHA384 - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305
- TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305
- TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
- TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
``` ```
```yaml tab="K8s IngressRoute" ```yaml tab="K8s IngressRoute"
@ -277,8 +288,11 @@ Then, a [router's TLS field](../routing/routers/index.md#tls) can refer to one o
spec: spec:
minVersion: VersionTLS13 minVersion: VersionTLS13
cipherSuites: cipherSuites:
- TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
- TLS_RSA_WITH_AES_256_GCM_SHA384 - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305
- TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305
- TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
- TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
--- ---
apiVersion: traefik.containo.us/v1alpha1 apiVersion: traefik.containo.us/v1alpha1

22
docs/content/routing/routers/index.md
View file

@ -479,8 +479,11 @@ It refers to a [TLS Options](../../https/tls.md#tls-options) and will be applied
[tls.options.foo] [tls.options.foo]
minVersion = "VersionTLS12" minVersion = "VersionTLS12"
cipherSuites = [ cipherSuites = [
"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305",
"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305",
"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
"TLS_RSA_WITH_AES_256_GCM_SHA384"
] ]
``` ```
@ -500,8 +503,11 @@ It refers to a [TLS Options](../../https/tls.md#tls-options) and will be applied
foo: foo:
minVersion: VersionTLS12 minVersion: VersionTLS12
cipherSuites: cipherSuites:
- TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
- TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305
- TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305
- TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
- TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
- TLS_RSA_WITH_AES_256_GCM_SHA384
``` ```
!!! important "Conflicting TLS Options" !!! important "Conflicting TLS Options"
@ -852,8 +858,11 @@ It refers to a [TLS Options](../../https/tls.md#tls-options) and will be applied
[tls.options.foo] [tls.options.foo]
minVersion = "VersionTLS12" minVersion = "VersionTLS12"
cipherSuites = [ cipherSuites = [
"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305",
"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305",
"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
"TLS_RSA_WITH_AES_256_GCM_SHA384"
] ]
``` ```
@ -873,8 +882,11 @@ It refers to a [TLS Options](../../https/tls.md#tls-options) and will be applied
foo: foo:
minVersion: VersionTLS12 minVersion: VersionTLS12
cipherSuites: cipherSuites:
- "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256" - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
- "TLS_RSA_WITH_AES_256_GCM_SHA384" - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305
- TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305
- TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
- TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
``` ```
#### `certResolver` #### `certResolver`