Add options for overriding TLS ciphers used (#5915)

* Add the ability to set TLS cipher suites

Added config option to set the TLS ciphers instead of relying on a hardcoded list of ciphers determined by meshcentral.

* Added option to use default node ciphers

This allows the ciphers used to be set to the recommended ciphers by nodejs, as well as allowing the user to override the ciphers using the "--tls-cipher-list" command line switch for node.

* Updated validArguments array to include "usenodedefaulttlsciphers" and "tlsciphers" as options
This commit is contained in:
Josiah Baldwin
2024-03-09 23:45:10 -08:00
committed by GitHub
parent dfc08b05a9
commit 150e2337f5
3 changed files with 27 additions and 1 deletions


@@ -688,6 +688,19 @@
"default": false,
"description": "When true, indicates that a TLS offloader is in front of the MeshCentral server. More typically, set this to the IP address of the reverse proxy or TLS offloader so that IP forwarding headers will be trusted. For example: \"127.0.0.1,192.168.1.100\"."
},
"useNodeDefaultTLSCiphers": {
"type": "boolean",
"default": false,
"description": "When true, get the default TLS ciphers from the node process, rather than using the recommended suites set up by meshcentral"
},
"tlsCiphers": {
"type": [
"string",
"array"
],
"default": null,
"description": "Allows user to override the TLS ciphers used by meshcentral by default. If a string, should be a ':' separated list of ciphers to accept. If an array, should be an array of strings representing the ciphers to accept."
},
"trustedProxy": {
"type": "string",
"default": null,
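Review bot: In the "tlsCiphers" entry, the "array" alternative has no "items" constraint, so the schema accepts arrays containing non-string values even though the description says it should be an array of strings; adding "items": { "type": "string" } would let schema validation catch a malformed cipher list before it reaches the TLS setup. The two new descriptions also do not say which setting takes effect when "useNodeDefaultTLSCiphers" is true and "tlsCiphers" is also set. An operator who sets both to restrict suites needs to know the precedence, so state it in one of the descriptions. Minor: "default": null is not one of the listed types for "tlsCiphers", although that matches the neighbouring "trustedProxy" entry.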