dom/telegraf
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Update to Go 1.14.3 with testing using 1.13.11 (#7564)

Browse Source
This commit is contained in:
Daniel Nelson
2020-05-26 15:40:25 -07:00
committed by GitHub
parent bdbf57576a
commit d27f676091
13 changed files with 74 additions and 135 deletions
Download Patch File Download Diff File Expand all files Collapse all files

44
docs/TLS.md
View File

@@ -20,9 +20,23 @@ For client TLS support we have the following options:
# insecure_skip_verify = false
```
### Server Configuration
The server TLS configuration provides support for TLS mutual authentication:
```toml
## Set one or more allowed client CA certificate file names to
## enable mutually authenticated TLS connections.
# tls_allowed_cacerts = ["/etc/telegraf/clientca.pem"]
## Add service certificate and key.
# tls_cert = "/etc/telegraf/cert.pem"
# tls_key = "/etc/telegraf/key.pem"
```
#### Advanced Configuration
For plugins using the standard client configuration you can also set several
For plugins using the standard server configuration you can also set several
advanced settings. These options are not included in the sample configuration
for the interest of brevity.
@@ -47,14 +61,14 @@ for the interest of brevity.
## "TLS_RSA_WITH_AES_128_CBC_SHA256",
## "TLS_RSA_WITH_AES_128_CBC_SHA",
## "TLS_RSA_WITH_AES_256_CBC_SHA"
# ]
## ]
# tls_cipher_suites = []
## Minimum TLS version that is acceptable.
# tls_min_version = "TLS10"
## Maximum SSL/TLS version that is acceptable.
# tls_max_version = "TLS12"
# tls_max_version = "TLS13"
```
Cipher suites for use with `tls_cipher_suites`:
@@ -80,8 +94,6 @@ Cipher suites for use with `tls_cipher_suites`:
- `TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384`
- `TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305`
- `TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305`
TLS 1.3 cipher suites require Telegraf 1.12 and Go 1.12 or later:
- `TLS_AES_128_GCM_SHA256`
- `TLS_AES_256_GCM_SHA384`
- `TLS_CHACHA20_POLY1305_SHA256`
@@ -90,24 +102,4 @@ TLS versions for use with `tls_min_version` or `tls_max_version`:
- `TLS10`
- `TLS11`
- `TLS12`
- `TLS13` (Telegraf 1.12 and Go 1.12 required, must enable TLS 1.3 using environment variables)
### TLS 1.3
TLS 1.3 is available only on an opt-in basis in Go 1.12. To enable it, set the
GODEBUG environment variable (comma-separated key=value options) such that it
includes "tls13=1".
### Server Configuration
The server TLS configuration provides support for TLS mutual authentication:
```toml
## Set one or more allowed client CA certificate file names to
## enable mutually authenticated TLS connections.
# tls_allowed_cacerts = ["/etc/telegraf/clientca.pem"]
## Add service certificate and key.
# tls_cert = "/etc/telegraf/cert.pem"
# tls_key = "/etc/telegraf/key.pem"
```
- `TLS13`