... | ... | @@ -16,11 +16,11 @@ The TLS support is considered experimental and currently has a number of limitat |
|
|
|
|
|
- The TLS support for the High Availability (HA) hook will be available in a future version.
|
|
|
|
|
|
- The documentation is somewhat lacking, especially in the new Kea ARM section about security. There's a good tutorial available [in the src/lib/asiolink/testutils/ca] about how the create your own certificates and associated files (https://gitlab.isc.org/isc-projects/kea/-/blob/master/src/lib/asiolink/testutils/ca/doc.txt).
|
|
|
- The documentation is somewhat lacking, especially in the new Kea ARM section about security. There's a good tutorial available [in the src/lib/asiolink/testutils/ca](https://gitlab.isc.org/isc-projects/kea/-/blob/master/src/lib/asiolink/testutils/ca/doc.txt) about how the create your own certificates and associated files.
|
|
|
|
|
|
The TLS work will continue in the upcoming releases.
|
|
|
|
|
|
We do encourage people to test this and report their experience. We're particularly interested in which Operating System, OpenSSL or Botan, and Boost versions were used.
|
|
|
We do encourage people to test this and report their experience. We're particularly interested in which operating system, OpenSSL or Botan, and Boost versions were used.
|
|
|
|
|
|
**Database connection recovery rework**. A new parameter `on-fail` now controls what to do on database connection loss. It has three possible values which govern if the DHCP service should be disabled and if Kea should shutdown or continue DHCP service after all the configured tries were exhausted: `stop-retry-exit` (stop DHCP service, attempt to reconnect and terminate if unable to reconnect), `serve-retry-exit` (continue serving DHCP traffic, attempt to reconnect and terminate if unable to reconnect), and `serve-retry-continue` (continue serving DHCP traffic, try to reconnect, and continue serving even if reconnection fails). This is particularly useful for forensic logging and config backend services. Depending on your specific deployment, you may prefer one strategy or another #1621.
|
|
|
|
... | ... | |