From 483902a64d73384ee0fe4400385249f711479281 Mon Sep 17 00:00:00 2001 From: 1000TurquoisePogs Date: Thu, 16 Nov 2023 06:57:25 -0500 Subject: [PATCH] Fixed schema errors and added curve and cipher customization Signed-off-by: 1000TurquoisePogs --- CHANGELOG.md | 7 ++++++- defaults/serverConfig/defaults.yaml | 20 ++++++++++++++++++-- schemas/app-server-config.json | 9 ++++++++- 3 files changed, 32 insertions(+), 4 deletions(-) mode change 100644 => 100755 schemas/app-server-config.json diff --git a/CHANGELOG.md b/CHANGELOG.md index b5cb675..6f98ed3 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,7 +1,12 @@ # Zlux App Server Changelog All notable changes to the Zlux App Server package will be documented in this file. - + +## v2.13.0 +- Enhancement: Updated schema to allow cipher customization in IANA format. (#284) +- Enhancement: Updated schema to allow curve customization. (#284) +- Enhancement: Updated defaults to read TLS settings and IP settings from the "zowe.network.server" attribute of Zowe.yaml. (#284) + ## v2.12.0 - enhancement: new versions of components can change the location of their plugins, as the app-server will now re-inspect the plugin locations on each startup. (#280) - bugfix: Removed error message "components/app-server/bin/configure.sh 26: .: FSUM6807 expression syntax error" seen in startup of Zowe in v2.11.0, caused by incorrect shell syntax. (#283) diff --git a/defaults/serverConfig/defaults.yaml b/defaults/serverConfig/defaults.yaml index f8461d2..87db761 100644 --- a/defaults/serverConfig/defaults.yaml +++ b/defaults/serverConfig/defaults.yaml @@ -72,7 +72,7 @@ components: } else if (zowe.network?.server?.tls?.maxTls) { return zowe.network.server.tls.maxTls; } else { - return "TLSv1.3"; + return "TLSv1.3"; } }; a() }}' minTls: '${{ function a(){ if (components["app-server"].zowe?.network?.server?.tls?.minTls) { 
@@ -80,7 +80,23 @@ components: } else if (zowe.network?.server?.tls?.minTls) { return zowe.network.server.tls.minTls; } else { - return "TLSv1.2"; + return "TLSv1.2"; } }; + a() }}' + ciphers: '${{ function a(){ + if (components["app-server"].zowe?.network?.server?.tls?.ciphers) { + return components["app-server"].zowe.network.server.tls.ciphers.join(":"); + } else if (zowe.network?.server?.tls?.ciphers) { + return zowe.network.server.tls.ciphers.join(":"); + } else { + return "" } }; + a() }}' + curves: '${{ function a(){ + if (components["app-server"].zowe?.network?.server?.tls?.curves) { + return components["app-server"].zowe.network.server.tls.curves; + } else if (zowe.network?.server?.tls?.curves) { + return zowe.network.server.tls.curves; + } else { + return [] } }; a() }}' loopbackAddress: "${{ function a(){ if (process.env.ZOWE_LOOPBACK_ADDRESS) { return process.env.ZOWE_LOOPBACK_ADDRESS; } else { return undefined; } }; a() }}" mediationLayer: diff --git a/schemas/app-server-config.json b/schemas/app-server-config.json old mode 100644 new mode 100755 index e815562..17edc05 --- a/schemas/app-server-config.json +++ b/schemas/app-server-config.json @@ -55,6 +55,13 @@ { "$ref": "#/$defs/customCiphers" } ] }, + "curves": { + "type": "array", + "description": "A list of curve NIDs or names, for example P-521, P-384, P-256", + "items": { + "type": "string" + } + }, "enableTrace": { "type": "boolean", "default": false @@ -620,7 +627,7 @@ { "$ref": "#/$defs/zoweDefaultCiphers" } ] }, - "description": "Instructs app-server to use the list of ciphers in this string when using TLS. String must be in the form defined here https://nodejs.org/api/tls.html#modifying-the-default-tls-cipher-suite" + "description": "Instructs app-server to use the list of ciphers in this string when using TLS. String is a colon separated list of IANA or openSSL names" }, "headerCustomization": { "type": "object",
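Review bot: In the new `ciphers` template both branches call `.join(":")` on the configured value, so a `ciphers` setting supplied as one colon-separated string instead of a list would throw inside the template; whether the schema permits that shape is not visible in this hunk. A guard such as `const c = zowe.network.server.tls.ciphers; return Array.isArray(c) ? c.join(":") : c;` (and the same for the `components["app-server"]` branch) accepts either form. The `curves` template beside it passes the list through unjoined and falls back to `[]`, which is truthy in JavaScript, whereas `ciphers` falls back to `""`. Node's `ecdhCurve` option takes a colon-separated string, so it is worth confirming that the code consuming `curves` (outside this patch) joins the list and treats an empty one as "use the default curves". The mapping these keys belong to starts before the hunk and continues past it.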
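Review bot: The new `curves` property accepts any strings, so an empty or misspelled curve name passes schema validation and surfaces only when the TLS context is built. Adding `"minLength": 1` to `items` and `"uniqueItems": true` to the array would reject the obvious mistakes at configuration time. The description mentions NIDs, but with `"type": "string"` a numeric NID has to be quoted; wording such as `"A list of curve names or NIDs, each written as a string, for example P-521, P-384, P-256"` avoids a confusing validation error. The object that holds `curves` starts and ends outside the hunk.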
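Review bot: The reworded `description` says the string may hold "IANA or openSSL names", but it drops the link to the Node.js TLS documentation and does not say what happens to a name that matches neither scheme. For a setting that decides which cipher suites the server will negotiate, an entry that is silently ignored can leave a different set enabled than the operator intended. The description should state the actual behaviour, for example by ending with `Names that are not recognized are rejected at startup` if that is what the server does (not visible in this patch). Keeping the reference link for the OpenSSL spellings would also help operators check their list.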