Letsencrypt: remove deprecated tls-sni-02 challenge method #38137

Merged
1 commit merged on Mar 31, 2018


felixfontein
Contributor

SUMMARY

The letsencrypt module supports three challenge types: http-01, dns-01 and tls-sni-02. While tls-sni-01 was never supported by the module, tls-sni-02 on the other hand was never active in boulder, the Let's Encrypt ACME server software, and will never be since it has turned out to be insecure, been deactivated, and was removed from the ACME specs (see https://community.letsencrypt.org/t/tls-sni-challenges-disabled-for-most-new-issuance/50316, https://community.letsencrypt.org/t/important-what-you-need-to-know-about-tls-sni-validation-issues/50811 and https://tools.ietf.org/html/draft-ietf-acme-acme-11).

Since it was never possible to actually use the tls-sni-02 challenge, simply removing it from the module does not break backwards compatibility. If anyone ever used it, he/she was never able to obtain a certificate with it.

ISSUE TYPE

Feature Pull Request

COMPONENT NAME

letsencrypt

ANSIBLE VERSION
2.6.0

@ansibot
Contributor

ansibot commented Mar 30, 2018

@ansibot ansibot added community_review In order to be merged, this PR must follow the community review workflow. feature This issue/PR relates to a feature request. module This issue/PR relates to a module. needs_triage Needs a first human triage before being processed. owner_pr This PR is made by the module's maintainer. support:community This issue/PR relates to code supported by the Ansible community. labels Mar 30, 2018
Contributor

@resmo resmo left a comment

shipit

@ansibot ansibot added automerge This PR was automatically merged by ansibot. shipit This PR is ready to be merged by Core and removed community_review In order to be merged, this PR must follow the community review workflow. needs_triage Needs a first human triage before being processed. labels Mar 31, 2018
@ansibot ansibot merged commit 8b98c29 into ansible:devel Mar 31, 2018
@felixfontein felixfontein deleted the letsencrypt-remove-tls-sni-02 branch March 31, 2018 13:11
ryancurrah pushed a commit to ryancurrah/ansible that referenced this pull request Apr 4, 2018
ilicmilan pushed a commit to ilicmilan/ansible that referenced this pull request Nov 7, 2018
@dagwieers dagwieers added the crypto Crypto community (ACME, openssl, letsencrypt) label Feb 7, 2019
@ansible ansible locked and limited conversation to collaborators Apr 27, 2019