supported_protocols showed as list #51144
Conversation
there's no mention that the supported_protocols setting is actually a list, which creates confusion at configuration time
|
Pinging @elastic/es-docs (>docs) |
|
Pinging @elastic/es-security (:Security/Network) |
| @@ -516,7 +516,7 @@ and `full`. Defaults to `full`. | |||
| See <<ssl-tls-settings,`ssl.verification_mode`>> for an explanation of these values. | |||
|
|
|||
| `ssl.supported_protocols`:: | |||
| Supported protocols for TLS/SSL (with versions). Defaults to `TLSv1.3,TLSv1.2,TLSv1.1`. | |||
| List of supported protocols for TLS/SSL (with versions). Defaults to `TLSv1.3,TLSv1.2,TLSv1.1` (i.e `[ "TLSv1.3", "TLSv1.2", "TLSv1.1" ]`). | |||
There was a problem hiding this comment.
I think you could reduce the duplication like this:
| List of supported protocols for TLS/SSL (with versions). Defaults to `TLSv1.3,TLSv1.2,TLSv1.1` (i.e `[ "TLSv1.3", "TLSv1.2", "TLSv1.1" ]`). | |
| List of supported protocols for TLS/SSL (with versions). Defaults to `[ "TLSv1.3", "TLSv1.2", "TLSv1.1" ]`. |
There was a problem hiding this comment.
@lcawl , that's totally fine too.
I just didn't want to change the convention in the rest of the document where no double quotes are used, and provide an example of real syntax for a yaml file.
I didn't like the duplication either :)
|
I am working on a PR to synchronize all the common TLS setting definitions: #51017 If this PR is approved by the es-security folks, you don't need to backport it. I'll integrate it into my other PR. |
|
I don't have any particular objections to this PR , but I'd like to understand where the confusion comes from. The existing example, as written should work without change. We split a comma separated string into a list, so there is no need to use YAML list syntax. |
|
Good point about the syntax. The reason was because a lot of users use
double quotes in the text values, so if they try "a,b,c" I believe it won’t
work.
Anyway, besides the syntax, adding the word `list` in the description is
important, at least to clarify it’s a list / array.
For the syntax I’m totally ok if you prefer the original one, as it’s
actually aligned with the rest of the examples.
El El sáb, 18 ene 2020 a las 0:41, Tim Vernum <[email protected]>
escribió:
… I don't have any particular objections to this PR , but I'd like to
understand where the confusion comes from.
The existing example, as written should work without change. We split a
comma separated string into a list, so there is no need to use YAML list
syntax.
—
You are receiving this because you authored the thread.
Reply to this email directly, view it on GitHub
<#51144?email_source=notifications&email_token=AGBFXJKPB3QW3TG6RDZV6C3Q6I62ZA5CNFSM4KIGOLD2YY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOEJJJBJI#issuecomment-575836325>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AGBFXJJNQOCIRB4EHYQN3H3Q6I62ZANCNFSM4KIGOLDQ>
.
|
That shouldn't make any difference. If people are running into problems with configuring this value then I think it's worth understanding exactly what issue they hit, because I'm not very confident that this change will make much difference to them (which isn't to say that the change is bad, I just don't really follow why the addition of the word "list" would shift the doc from confusing to completely clear). |
|
@tvernum : I totally agree, I thought the syntax was critical but as you said it's working even with "a,b,c" (as soon as it finds at least one valid protocol). I'm closing this PR, definitely the issue I was handling some time ago that lead me to this conclusion was something else. Thanks and sorry for the noise! |
There's no mention that the
supported_protocolssetting is actually a list, which creates confusion at configuration time.I have added the word "list" in every description of the parameter and also included an example with proper syntax.