Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix(templates) turn on TLSv1.3 #4046

Merged
merged 1 commit into from Dec 5, 2018

Conversation

Projects
None yet
3 participants
@james-callahan
Copy link
Contributor

commented Dec 4, 2018

This acts as a workaround for openssl/openssl#7660

@thibaultcha thibaultcha added this to the 1.0.0rc4 milestone Dec 4, 2018

@@ -87,7 +87,7 @@ server {
> if proxy_ssl_enabled then
ssl_certificate ${{SSL_CERT}};
ssl_certificate_key ${{SSL_CERT_KEY}};
ssl_protocols TLSv1.1 TLSv1.2;
ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;

This comment has been minimized.

Copy link
@thibaultcha

thibaultcha Dec 4, 2018

Member

Please make the same change in the tests template as well.

This comment has been minimized.

Copy link
@james-callahan

james-callahan Dec 4, 2018

Author Contributor

Just spec? or spec-old-api as well?

This comment has been minimized.

Copy link
@thibaultcha

thibaultcha Dec 4, 2018

Member

Both is fine.

This comment has been minimized.

Copy link
@bungle

bungle Dec 4, 2018

Member

In some another PR, I wish we could make it configurable.

This comment has been minimized.

Copy link
@thibaultcha

thibaultcha Dec 4, 2018

Member

@bungle This is directive is precisely one of the reasons why we introduced dynamically injected nginx directives. Adding each and every nginx directive is not a scalable solution. Let's not forget that. #3607

This comment has been minimized.

Copy link
@bungle

bungle Dec 4, 2018

Member

OK, maybe then making this injection friendly? We cannot remove it totally.

This comment has been minimized.

Copy link
@bungle

bungle Dec 5, 2018

Member

What I mean is that injection is great for adding, but not so great for changing existing.

This comment has been minimized.

Copy link
@thibaultcha

thibaultcha Dec 5, 2018

Member

The goal detailed above is to add a default injection from kong.conf that one can edit, or override via the equivalent environment variable.

fix(templates) turn on TLSv1.3
This acts as a workaround for openssl/openssl#7660

@james-callahan james-callahan force-pushed the james-callahan:fix/enable-tls1.3 branch from 0dcf23f to cbaad9f Dec 5, 2018

@thibaultcha thibaultcha merged commit 840d525 into Kong:next Dec 5, 2018

1 of 2 checks passed

continuous-integration/travis-ci/pr The Travis CI build is in progress
Details
license/cla All CLA requirements met.

@james-callahan james-callahan deleted the james-callahan:fix/enable-tls1.3 branch Dec 5, 2018

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.