[grpc-io] gRFC A69: Certificate Revocation List Enhancements

2023-08-03 Thread 'Gregory Cooke' via grpc.io
https://github.com/grpc/proposal/pull/382 is a gRFC for building more generic CRL (Certificate Revocation List) support in gRPC. Feedback welcome. - Greg -- You received this message because you are subscribed to the Google Groups "grpc.io" group. To unsubscribe from this group and stop recei

[grpc-io] Re: Why SSL renegotiation isn't allowed in gRPC C/C++ stack ?

2023-10-04 Thread 'Gregory Cooke' via grpc.io
Hello, SSL renegotiation represents a large attack surface, and historically has caused security issues. Because of this we just haven't seen much interest in its use, so it hasn't been high up on the feature list to support. We definitely wouldn't want it to be default-on, but I don't see a p

[grpc-io] Re: Minimal TLS version

2025-01-30 Thread 'Gregory Cooke' via grpc.io
If you are using TlsCredentials, the default min is 1.2 and max is 1.3: https://github.com/grpc/grpc/blob/35df344f5e17a9cb290ebf0f5b0f03ddb1ff0a97/src/core/lib/security/credentials/tls/grpc_tls_credentials_options.h#L111-L112 Unfortunately there is no documentation for this at the moment. On Fri

[grpc-io] Re: gRPC-C++: Logging SSL handshake failures

2025-01-27 Thread 'Gregory Cooke' via grpc.io
Hey, Can you please give me a little more detail around exactly what you're trying to do and looking to log? Are you trying to do it server side or client side? In the meanwhile, https://github.com/grpc/grpc/blob/master/TROUBLESHOOTING.md has info about more verbose logging - it further links

[grpc-io] Re: gRPC-C++: Logging SSL handshake failures

2025-01-28 Thread 'Gregory Cooke' via grpc.io
Hello, Thank you for the extra detail - given that, unfortunately I don't think there's currently a good solution to what you are asking for. It would have to be a new feature addition to gRPC - you can open an issue on GitHub for the feature request. The more evidence we have suggesting this i

[grpc-io] Re: GRPC_DEFAULT_SSL_ROOTS_FILE_PATH support in ::grpc::experimental::TlsChannelCredentialsOptions and tsi_create_ssl_client_handshaker_factory_with_options

2025-05-16 Thread 'Gregory Cooke' via grpc.io
The TLS Credentials are not designed to support that environment variable. However, the TlsCredentialsOptions have a much more flexible API for configuring certificates via the CertificateProvider interfaces.

[grpc-io] gRFC L127: Adding SPIFFE Root Support to C++ and C-Core APIs

2025-07-17 Thread 'Gregory Cooke' via grpc.io
https://github.com/grpc/proposal/pull/506 is a gRFC for changes to the C-Core and C++ root provider APIs. Feedback welcome. - Greg