zwass
02/03/2021, 6:57 PMintermediate
? Penny for your thoughts... We could change that default for the next Fleet release.Ryan
02/03/2021, 6:59 PMintermediate
as the default as it’s a bit more flexible but still pretty secure, so perhaps?
I think the problem here is that modern
in 3.6.0 and modern
in 3.7.0 don’t seem to be compatible.zwass
02/03/2021, 7:03 PMintermediate
is the recommended default. I think modern
was a more appropriate default when we first started using their recommendations. If this is biting lots of folks I can cut a 3.7.1 that changes the default, but hopefully setting intermediate
will sort it out.benbass
02/03/2021, 7:04 PMRyan
02/03/2021, 7:04 PMmodern
by defaultmodern
with this diff: https://github.com/fleetdm/fleet/commit/c7dfeeb90c1907861e8bdd4ca27e3723e88a09f7#diff-e458abcf58baf734a5d062e96f1[…]844ba74ef689d7258fd4b9313d349951benbass
02/03/2021, 7:05 PMRyan
02/03/2021, 7:05 PMbenbass
02/03/2021, 7:05 PMRyan
02/03/2021, 7:08 PM*osquery* 4.5.1-1.linux
everywhere which does seem to be working with 1.3, but I’ve downgraded to intermediate
because of Nginx.
In my setup the only reason Nginx is there is to avoid end-users needing to go to a different port, however all of our osquery clients talk directly to Fleet.benbass
02/03/2021, 7:09 PMzwass
02/03/2021, 7:09 PMintermediate
profile has settings at least as good as the former modern
, so it should be fine to use for compatibility.Ryan
02/03/2021, 7:09 PMbenbass
02/03/2021, 7:10 PMRyan
02/03/2021, 7:10 PMintermediate
yeah, it’s still very secure.This is the recommended configuration for the vast majority of services, as it is highly secure and compatible with nearly every client released in the last five (or more) years.
benbass
02/03/2021, 7:15 PM