-
Notifications
You must be signed in to change notification settings - Fork 5.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
chore: update Kex-Algorithms #9561
Conversation
Signed-off-by: douhunt <douhunt@protonmail.com>
Codecov Report
@@ Coverage Diff @@
## master #9561 +/- ##
==========================================
- Coverage 45.86% 45.79% -0.08%
==========================================
Files 221 222 +1
Lines 26309 26377 +68
==========================================
+ Hits 12067 12079 +12
- Misses 12586 12650 +64
+ Partials 1656 1648 -8
Continue to review full report at Codecov.
|
@34fathombelow thanks for this! Just so we have a paper trail, did you use any particular source that we can cite as the reason for removing the no-longer-secure algorithms? |
Signed-off-by: Justin Marquis <34fathombelow@protonmail.com>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM! @jannfis can you take a look?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM, thanks @34fathombelow !
* chore: update Kex-Algorithms Signed-off-by: douhunt <douhunt@protonmail.com> * sorted kex-algorithms Signed-off-by: Justin Marquis <34fathombelow@protonmail.com> Co-authored-by: douhunt <douhunt@protonmail.com> Signed-off-by: Michael Crenshaw <michael@crenshaw.dev>
Cherry-picked onto 2.4. |
Signed-off-by: douhunt <douhunt@protonmail.com> Co-authored-by: douhunt <douhunt@protonmail.com> Co-authored-by: Michael Crenshaw <michael@crenshaw.dev> Signed-off-by: Michael Crenshaw <michael@crenshaw.dev> chore: update Kex-Algorithms (argoproj#9561) * chore: update Kex-Algorithms Signed-off-by: douhunt <douhunt@protonmail.com> * sorted kex-algorithms Signed-off-by: 34FathomBelow <34fathombelow@protonmail.com> Co-authored-by: douhunt <douhunt@protonmail.com> Signed-off-by: Michael Crenshaw <michael@crenshaw.dev> chore upgrade base image for test containers Ubuntu:22.04 (argoproj#9563) Signed-off-by: 34FathomBelow <34fathombelow@protonmail.com>
Signed-off-by: douhunt <douhunt@protonmail.com> Co-authored-by: douhunt <douhunt@protonmail.com> Co-authored-by: Michael Crenshaw <michael@crenshaw.dev> Signed-off-by: Michael Crenshaw <michael@crenshaw.dev> chore: update Kex-Algorithms (argoproj#9561) * chore: update Kex-Algorithms Signed-off-by: douhunt <douhunt@protonmail.com> * sorted kex-algorithms Signed-off-by: 34FathomBelow <34fathombelow@protonmail.com> Co-authored-by: douhunt <douhunt@protonmail.com> Signed-off-by: Michael Crenshaw <michael@crenshaw.dev> chore upgrade base image for test containers Ubuntu:22.04 (argoproj#9563) Signed-off-by: 34FathomBelow <34fathombelow@protonmail.com>
Signed-off-by: douhunt <douhunt@protonmail.com> Co-authored-by: douhunt <douhunt@protonmail.com> Co-authored-by: Michael Crenshaw <michael@crenshaw.dev> Signed-off-by: Michael Crenshaw <michael@crenshaw.dev> chore: update Kex-Algorithms (#9561) * chore: update Kex-Algorithms Signed-off-by: douhunt <douhunt@protonmail.com> * sorted kex-algorithms Signed-off-by: 34FathomBelow <34fathombelow@protonmail.com> Co-authored-by: douhunt <douhunt@protonmail.com> Signed-off-by: Michael Crenshaw <michael@crenshaw.dev> chore upgrade base image for test containers Ubuntu:22.04 (#9563) Signed-off-by: 34FathomBelow <34fathombelow@protonmail.com> Co-authored-by: 34FathomBelow <34fathombelow@protonmail.com>
Signed-off-by: douhunt <douhunt@protonmail.com> Co-authored-by: douhunt <douhunt@protonmail.com> Co-authored-by: Michael Crenshaw <michael@crenshaw.dev> Signed-off-by: Michael Crenshaw <michael@crenshaw.dev> chore: update Kex-Algorithms (#9561) * chore: update Kex-Algorithms Signed-off-by: douhunt <douhunt@protonmail.com> * sorted kex-algorithms Signed-off-by: 34FathomBelow <34fathombelow@protonmail.com> Co-authored-by: douhunt <douhunt@protonmail.com> Signed-off-by: Michael Crenshaw <michael@crenshaw.dev> chore upgrade base image for test containers Ubuntu:22.04 (#9563) Signed-off-by: 34FathomBelow <34fathombelow@protonmail.com> Co-authored-by: 34FathomBelow <34fathombelow@protonmail.com>
Signed-off-by: douhunt douhunt@protonmail.com
Part 1 of 3 to upgrade base image to Ubuntu:22.04
This must be merged before #9551 and cherry-picked into 2.4
Upgraded golang.org/x/crypto libraries to support diffie-hellman-group14-sha256. I also removed two Kex-Algorithms which should no longer be used for security reasons. This may cause some breakage for a very very small group of users. I would also recommend removing diffie-hellman-group14-sha1 in the very near future (v2.5) and give users plenty of warning.
Note on DCO:
If the DCO action in the integration test fails, one or more of your commits are not signed off. Please click on the Details link next to the DCO action for instructions on how to resolve this.
Checklist: