Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Hystrix Metrics Stream - Weak SSL/TLS protocols should not be used (3.x) #566

Closed
TimHess opened this issue Jan 13, 2021 · 0 comments
Closed

Hystrix Metrics Stream - Weak SSL/TLS protocols should not be used (3.x) #566

TimHess opened this issue Jan 13, 2021 · 0 comments
Assignees
@TimHess
Labels
Component/CircuitBreaker Issues related to Steeltoe.CircuitBreaker ReleaseLine/3.x Identified as a feature/fix for the 3.x release line
Milestone
3.1.0-RC1

Comments

@TimHess
Copy link
Member

TimHess commented Jan 13, 2021

Insecure versions of SSL/TLS shouldn't be used anymore. Update the metrics stream configurations to use TLS 1.2+

Per Sonar: This rule raises an issue when an SSL/TLS is configured at application level with an insecure version (ie: a protocol different from "TLSv1.2" or "TLSv1.3").

Addressed in #562
@TimHess TimHess added Component/CircuitBreaker Issues related to Steeltoe.CircuitBreaker ReleaseLine/3.x Identified as a feature/fix for the 3.x release line labels Jan 13, 2021
@TimHess TimHess added this to the 3.1.0 milestone Jan 13, 2021
@TimHess TimHess self-assigned this Jan 13, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@TimHess TimHess

Labels
Component/CircuitBreaker Issues related to Steeltoe.CircuitBreaker ReleaseLine/3.x Identified as a feature/fix for the 3.x release line
Projects
None yet
Milestone
3.1.0-RC1
Development

No branches or pull requests
2 participants
@jkonicki @TimHess