bluemix-secure-gateway - npm Package Compare versions

Comparing version 4.3.2 to 4.3.3

package.json

 {
   "name": "bluemix-secure-gateway",
-  "version": "4.3.2",
+  "version": "4.3.3",
   "dependencies": {
@@ -5,0 +5,0 @@ "request": ">=2.40.0"

README.md

@@ -125,9 +125,38 @@ # bluemix-secure-gateway
 * `clientPort` - This will be a cloud destination. This is the port the client will listen on for an incoming connection.
-* `protocol` - The protocol of the destination, one of TCP, UDP, TLS, HTTP, or HTTPS. The default is TCP.
-* `TLS` - One of serverside, mutualauth, or none. Defaults to none. Is only compatible with the TLS protocol.
+* `protocol` - (Required) The protocol of the destination, one of TCP, UDP, TLS, HTTP, or HTTPS.
+* `TLS` - (Required) One of serverside, mutualauth, or none. Defaults to none. Is only compatible with the TLS protocol.
 * `sni` - Server name for the SNI (Server Name Indication) TLS extensions.
-* `enable_client_tls` - Enable TLS for the final outbound connection to the destination. Expected to be a Boolean. Defaults to false.
-* `client_tls` - Either mutualauth or none. Is only compatible with enable_client_tls true. Defaults to none.
+* `enable_client_tls` - (Required) Enable TLS for the final outbound connection to the destination. Expected to be a Boolean.
+* `client_tls` - (Required) Either mutualauth or none. Is only compatible with enable_client_tls true.
 * `private` - Whether iptable rules will be enforced on the cloud host:port connection point. Not supported for cloud destinations. Must be a boolean. Defaults to false.
 
+**Deprecation Notice:**
+
+As of version 4.3.0 the fields are now required: `TLS`, `enable_client_tls`, `client_tls`.
+Secure endpoint stand foremost as Secure Gateway's mission and we felt that defaulting
+to insecure protocols put our API users at risk. The choice is up to you as the user now
+to decide which protocol you want to leverage when creating your destination.
+
+That being said the Secure Gateway Team would like to see users securing their
+entry points in the cloud with TLS Mutual auth in order to ensure that only the traffic
+you expect should enter your Secure Gateway tunnel and then your network.
+
+As an example one can create a Cloud to Onprem destination that secures the Cloud
+entry point with Mutual TLS with the following configuration:
+
+```json
+{
+  "desc": "Mutual Auth Secured Entrypoint to Onprem",
+  "ip": "my.onprem.destination",
+  "port": 9000,
+  "protocol": "TLS",
+  "TLS": "mutualauth",
+  "enable_client_tls": false,
+  "client_tls": "none"
+}
+```
+Note, this only secures the cloud entry point, and in order to secure the final
+path from the Secure Gateway client to the final destination one would need to
+set `enable_client_tls` to `true`, and `client_tls` to `"mutualauth"`.
+
 ### Updating a Destination
@@ -134,0 +163,0 @@ ```javascript

Fixed alerts

New author

Supply chain risk

A new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

53321

increased by2.29%

Number of lines in readme file

390

increased by8.03%

Number of medium supply chain risk alerts

0

decreased by-100%

No dependency changes