Well, so most proxies do not intercept TLS and instead let you send "CONNECT" through and connect to the target server, in which case there's no reason for us to compromise on ciphers and allow for a potential downgrade and breaking of PFS.
Since we can't really detect a company proxy which does terminate TLS, I think the best option will be an environment variable.

https://github.com/lxc/lxd/pull/5168

This restricts the scope of this as much as possible and uses an env variable so that the same can apply to client and server. All LXD internal communications (cluster and server to server) will not be respecting this environment variable and will keep enforcing the strict TLS config.

** Changed in: lxd (Ubuntu)
   Status: New => In Progress

--
You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1797440

Title:
  lxd is too restrictive about ciphers when it comes to proxies
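An added example (not LXD's code and not taken from the pull request) of the scoping described in the message above: an opt-in environment variable relaxes the cipher list for outward-facing connections only, while internal connections keep the strict list. The variable name `EXAMPLE_RELAXED_TLS`, the function names and the cipher list are assumptions made for illustration.

```go
package main

import (
	"crypto/tls"
	"fmt"
	"os"
	"strings"
)

// relaxEnv is a hypothetical variable name used only for this example.
const relaxEnv = "EXAMPLE_RELAXED_TLS"

// strictSuites is an assumed strict list (ECDHE + AEAD only), not copied from LXD.
var strictSuites = []uint16{
	tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
	tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
	tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
	tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
}

// newTLSConfig returns the strict config unless the opt-in variable is set
// AND the connection is not internal (cluster or server to server).
// A nil CipherSuites field makes crypto/tls fall back to its default list.
func newTLSConfig(internal bool) *tls.Config {
	cfg := &tls.Config{
		MinVersion:   tls.VersionTLS12,
		CipherSuites: append([]uint16(nil), strictSuites...),
	}
	if !internal && os.Getenv(relaxEnv) == "true" {
		cfg.CipherSuites = nil
	}
	return cfg
}

// allForwardSecret reports whether every configured suite uses ECDHE.
// An empty list means Go's version-dependent defaults, so nothing is guaranteed.
func allForwardSecret(cfg *tls.Config) bool {
	for _, id := range cfg.CipherSuites {
		if !strings.HasPrefix(tls.CipherSuiteName(id), "TLS_ECDHE_") {
			return false
		}
	}
	return len(cfg.CipherSuites) > 0
}

func main() {
	os.Setenv(relaxEnv, "true")
	fmt.Println(allForwardSecret(newTLSConfig(false)), allForwardSecret(newTLSConfig(true)))
}
```

With the variable set, only the non-internal config loses its forward-secrecy guarantee; auditing which code paths pass `internal=false` shows exactly where the relaxation can apply.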