Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: require TLSv1.3 when connecting using IAM authentication #506

Merged
merged 2 commits into from
May 25, 2021
Merged

fix: require TLSv1.3 when connecting using IAM authentication #506

merged 2 commits into from
May 25, 2021

Conversation

shubha-rajan
Copy link
Contributor

@shubha-rajan shubha-rajan commented May 24, 2021
edited
Loading

Change Description

Require TLS v1.3 when connecting with IAM auth so that OAuth2 token is encrypted during handshake.

Checklist

  • Make sure to open an issue as a
    bug/issue
    before writing your code! That way we can discuss the change, evaluate
    designs, and agree on the general idea.
  • Ensure the tests and linter pass
  • Appropriate documentation is updated (if necessary)

Relevant issues:

  • Fixes b/183540928 (internal)

@google-cla google-cla bot added the cla: yes label May 24, 2021
@shubha-rajan shubha-rajan assigned kurtisvg and unassigned enocom May 24, 2021
@shubha-rajan shubha-rajan added the kokoro:force-run Add this label to force Kokoro to re-run the tests. label May 25, 2021
@kokoro-team kokoro-team removed the kokoro:force-run Add this label to force Kokoro to re-run the tests. label May 25, 2021
@shubha-rajan shubha-rajan added the kokoro:force-run Add this label to force Kokoro to re-run the tests. label May 25, 2021
@kokoro-team kokoro-team removed the kokoro:force-run Add this label to force Kokoro to re-run the tests. label May 25, 2021
@shubha-rajan shubha-rajan added the kokoro:force-run Add this label to force Kokoro to re-run the tests. label May 25, 2021
@kokoro-team kokoro-team removed the kokoro:force-run Add this label to force Kokoro to re-run the tests. label May 25, 2021
@kurtisvg kurtisvg merged commit 822a203 into main May 25, 2021
@kurtisvg kurtisvg deleted the tls1.3-support branch May 25, 2021 14:37
@dooman87
Copy link

Hi there,

Am I thinking right that without the support of TLS1.3 the IAM auth into Postgres won't work? Looks like AppEngine Standard Java 8 environment doesn't support TLS1.3 and I was thinking if there are any workarounds?

@kurtisvg
Copy link
Contributor

@dooman87 Unfortunately, IAM DB AuthN requires TLS 1.3 and there aren't any workarounds. Are you sure that GAE-Standard doesn't support TLS 1.3?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@kurtisvg kurtisvg kurtisvg approved these changes

Assignees

@kurtisvg kurtisvg

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
5 participants
@shubha-rajan @dooman87 @kurtisvg @enocom @kokoro-team