Merge pull request #732 from Icinga:feature/improve_api_performance_and_enable_tls13

Feature: Adds support to TLS1.3 and improves startup response

Adds support for both TLS 1.2 and TLS 1.3, and improves the responsiveness of the API during initial startup by redirecting all calls to thread 0 if not all threads are loaded
Lord Hepipud 2024-05-15 13:47:45 +02:00 committed by GitHub
commit 824b8a231a
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
3 changed files with 8 additions and 5 deletions


@ -11,6 +11,8 @@ Released closed milestones can be found on [GitHub](https://github.com/Icinga/ic
[Issues and PRs](https://github.com/Icinga/icinga-powershell-framework/milestone/32)
* [#732](https://github.com/Icinga/icinga-powershell-framework/pull/732) Adds support for TLS 1.3 and improves startup response
## 1.12.3 (2024-04-24)
[Issues and PRs](https://github.com/Icinga/icinga-powershell-framework/milestone/35)


@ -121,9 +121,9 @@ function New-IcingaForWindowsRESTApi()
Write-IcingaDebugMessage -Message 'Scheduling Icinga for Windows API request' -Objects 'REST-Thread Id', $NextRESTApiThreadId;
if ($Global:Icinga.Public.Daemons.RESTApi.ApiRequests.ContainsKey($NextRESTApiThreadId) -eq $FALSE) {
Close-IcingaTCPConnection -Connection $Connection;
$Connection = $null;
continue;
# Ensure we allow API calls to be executed even in case not all threads are loaded
# This will increase responsiveness of the API
$NextRESTApiThreadId = 0;
}
$Global:Icinga.Public.Daemons.RESTApi.ApiRequests.$NextRESTApiThreadId.Add($Connection);
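Review bot: The fallback `$NextRESTApiThreadId = 0;` is not followed by a second `ContainsKey` check, so if the queue for thread 0 has not been created yet, the `.Add($Connection)` on the last line of the hunk would run against a missing entry, and the connection is no longer closed as the removed lines did. Nothing in the hunk shows that thread 0 is always registered before connections are accepted, so I would keep the old close-and-continue path for that case: `if ($Global:Icinga.Public.Daemons.RESTApi.ApiRequests.ContainsKey(0) -eq $FALSE) { Close-IcingaTCPConnection -Connection $Connection; $Connection = $null; continue; }`. While threads are still loading, every request is queued on a single thread, so a `Write-IcingaDebugMessage` noting the redirect would help when diagnosing slow or stalled API responses during startup. The enclosing loop in New-IcingaForWindowsRESTApi starts and ends outside the hunk.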


@ -12,8 +12,9 @@ function New-IcingaSSLStream()
[System.Net.Security.SslStream]$SSLStream = $null;
try {
$SSLStream = New-Object System.Net.Security.SslStream($Client.GetStream(), $false);
$SSLStream.AuthenticateAsServer($Certificate, $false, [System.Security.Authentication.SslProtocols]::Tls12, $true) | Out-Null;
$SSLStream = New-Object System.Net.Security.SslStream($Client.GetStream(), $false);
$TLSProtocols = [System.Security.Authentication.SslProtocols]::Tls12 -bor [System.Security.Authentication.SslProtocols]::Tls13;
$SSLStream.AuthenticateAsServer($Certificate, $false, $TLSProtocols, $true) | Out-Null;
} catch {
if ($null -ne $SSLStream) {
$SSLStream.Close();
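Review bot: `[System.Security.Authentication.SslProtocols]::Tls13` is resolved inside the `try`, so on a host whose .NET runtime does not define that enum member, or whose OS TLS stack rejects it, any resulting error would presumably be handled by the `catch` below like a failed handshake, and API connections would be dropped instead of negotiating TLS 1.2. I would build the protocol set defensively, e.g. `$TLSProtocols = [System.Security.Authentication.SslProtocols]::Tls12;` followed by `if ([Enum]::IsDefined([System.Security.Authentication.SslProtocols], 'Tls13')) { $TLSProtocols = $TLSProtocols -bor [System.Security.Authentication.SslProtocols]::Tls13; }`. A short comment such as `# Explicit allow-list: only TLS 1.2 and 1.3 are offered, older protocol versions stay disabled` would also record why the value is pinned rather than left to the OS default. New-IcingaSSLStream's body, including the rest of the `catch`, continues outside the hunk.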