Add crypt_hash and crypt_cipher as secauth = deprecated

Question

Add crypt_hash and crypt_cipher as secauth = deprecated

Closed this issue 5 years ago · 0 comments

gss2002 commented 6 years ago

Affected Puppet, Ruby, OS and module versions/distributions

Puppet:
Ruby:
Distribution:
Module version:

How to reproduce (e.g Puppet code you use)

What are you seeing

What behaviour did you expect instead

Support crypt_hash and crypt_cipher as secauth is deprecated.

   crypto_hash
          This specifies which HMAC authentication should be used to authenticate all messages. Valid values are none (no authentication), md5, sha1, sha256, sha384 and sha512.

          The default is sha1.

   crypto_cipher
          This  specifies  which  cipher should be used to encrypt all messages.  Valid values are none (no encryption), aes256, aes192, aes128 and 3des.  Enabling crypto_cipher, requires also
          enabling of crypto_hash.

          The default is aes256.

   secauth
          This specifies that HMAC/SHA1 authentication should be used to authenticate all messages.  It further specifies that all data should be encrypted with  the  nss  library  and  aes256
          encryption algorithm to protect data from eavesdropping.

          Enabling this option adds a encryption header to every message sent by totem which reduces total throughput. Also encryption and authentication consume extra CPU cycles in corosync.

          The default is on.

          WARNING: This parameter is deprecated. It's recomended to use combination of crypto_cipher and crypto_hash.