minio/internal/config/identity
Andreas Auernhammer 14876a4df1
ldap: use custom TLS cipher suites (#20221)
This commit replaces the LDAP client TLS config and
adds a custom list of TLS cipher suites which support
RSA key exchange (RSA kex).

Some LDAP server connections experience a significant slowdown
when these cipher suites are not available. The Go TLS stack
disables them by default (they can be enabled via GODEBUG=tlsrsakex=1).

fixes https://github.com/minio/minio/issues/20214

With a custom list of TLS ciphers, Go can pick the TLS RSA key-exchange
cipher. Ref:
```
	if c.CipherSuites != nil {
		return c.CipherSuites
	}
	if tlsrsakex.Value() == "1" {
		return defaultCipherSuitesWithRSAKex
	}
```
Ref: https://cs.opensource.google/go/go/+/refs/tags/go1.22.5:src/crypto/tls/common.go;l=1017

Signed-off-by: Andreas Auernhammer <github@aead.dev>
2024-08-07 05:59:47 -07:00
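
The behaviour the commit message relies on, as an added example (not code from the MinIO commit): a client with an explicit `CipherSuites` list can complete a TLS 1.2 handshake with a server that only accepts RSA key exchange. The names `ldapSuites`, `rsaOnly`, `negotiate` and the host `ldap.test` are hypothetical, and the server and its certificate are constructed in-process.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"math/big"
	"net"
	"time"
)

// Hypothetical lists, not MinIO's: the client keeps an ECDHE suite and adds one RSA kex
// suite (no forward secrecy) as a fallback; the constructed server accepts RSA kex only.
var ldapSuites = []uint16{tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, tls.TLS_RSA_WITH_AES_128_GCM_SHA256}
var rsaOnly = []uint16{tls.TLS_RSA_WITH_AES_128_GCM_SHA256}

// negotiate runs a TLS 1.2 handshake (CipherSuites does not apply to TLS 1.3) over an
// in-memory pipe with a throwaway self-signed server and returns the agreed suite name.
func negotiate(serverSuites, clientSuites []uint16) (string, error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return "", err
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), DNSNames: []string{"ldap.test"},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return "", err
	}
	leaf, err := x509.ParseCertificate(der)
	if err != nil {
		return "", err
	}
	roots := x509.NewCertPool()
	roots.AddCert(leaf) // the client verifies the server certificate against this pool
	sc, cc := net.Pipe()
	defer sc.Close()
	defer cc.Close()
	srv := tls.Server(sc, &tls.Config{Certificates: []tls.Certificate{{Certificate: [][]byte{der}, PrivateKey: key}}, CipherSuites: serverSuites, MaxVersion: tls.VersionTLS12})
	go srv.Handshake()
	cli := tls.Client(cc, &tls.Config{RootCAs: roots, ServerName: "ldap.test", CipherSuites: clientSuites})
	if err := cli.Handshake(); err != nil {
		return "", err
	}
	return tls.CipherSuiteName(cli.ConnectionState().CipherSuite), nil
}

func main() { fmt.Println(negotiate(rsaOnly, ldapSuites)) }
```

Keeping ECDHE suites in the custom list means a server that supports them still negotiates a forward-secret suite; the RSA kex entry is only used when the server offers nothing else.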

| Name | Last commit | Date |
|------|-------------|------|
| ldap | ldap: use custom TLS cipher suites (#20221) | 2024-08-07 05:59:47 -07:00 |
| openid | Removed user and group details from logs (#20072) | 2024-07-14 11:12:07 -07:00 |
| plugin | ldap: Add user DN attributes list config param (#19758) | 2024-05-24 16:05:23 -07:00 |
| tls | ldap: Add user DN attributes list config param (#19758) | 2024-05-24 16:05:23 -07:00 |