Unbound 1.9.0rc1 pre-release
sca at andreasschulze.de
Tue Jan 29 21:40:16 UTC 2019
Am 29.01.19 um 10:22 schrieb Wouter Wijngaards via Unbound-users:
> Unbound 1.9.0rc1 pre-release is available
some points I noticed while diffing against 1.8.3:
tls-chiphers and tls-ciphersuites suggest ciphersuites in an uncommon order
tls-chiphers prefer DHE over ECDHE while DHE is slower
tls-ciphersuites prefer CCM over GCM and Chacha
-> without deeper knowledge I feel, this list is not a good suggestion.
tls-session-ticket-keys: "requires restart to take effect."
2017 I had a conversation with Filippo Valsorda regarding session ticket keys
He suggested to rotate them in terms of hours. OK, that's supported but require unbound
to restart? is not a value.
I would love to see unbound (as well as any other TLS server)
handle that job in a housekeeping thread without administrative interaction.
many build time scripts use #!/usr/bin/sh instead of #!/bin/sh
/usr/bin/sh does not exist on any system I use.
Just wondering, it's not a problem for compilation...
finally: 2 compile time warnings:
./util/configparser.y:2736:3: warning: ignoring return value of 'asprintf', declared with attribute warn_unused_result [-Wunused-result]
(void)asprintf(&new_cstr, "%s\nzone %s", old_cstr?old_cstr:"", $2);
./util/configparser.y:2749:3: warning: ignoring return value of 'asprintf', declared with attribute warn_unused_result [-Wunused-result]
(void)asprintf(&new_cstr, "%s\n%s", old_cstr ? old_cstr : "", $2);
will install on some lab servers...
More information about the Unbound-users