Skip to content

Commit

Permalink
Disable tls1.3 by default for compliance (#3828)
Browse files Browse the repository at this point in the history
  • Loading branch information
@FestiveKyle
FestiveKyle committed Jul 14, 2022
1 parent a84caad commit 359eccd
Show file tree
Hide file tree
Showing 3 changed files with 3 additions and 0 deletions.
1 change: 1 addition & 0 deletions k8s/infrastructure/bases/istio/ingress-gateway.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -29,6 +29,7 @@ spec:
privateKey: sds
serverCertificate: sds
minProtocolVersion: TLSV1_2 # ITPIN 6.1.3 implements TLS 1.2, or subsequent versions
maxProtocolVersion: TLSV1_2
cipherSuites: # ITPIN 6.1.3 uses supported cryptographic algorithms
- ECDHE-ECDSA-AES256-GCM-SHA384
- ECDHE-RSA-AES256-GCM-SHA384
1 change: 1 addition & 0 deletions k8s/infrastructure/overlays/production/ingress-gateway-tls-patch.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -29,6 +29,7 @@ spec:
privateKey: sds
serverCertificate: sds
minProtocolVersion: TLSV1_2
maxProtocolVersion: TLSV1_2
cipherSuites:
- TLS_AES_128_GCM_SHA256
- TLS_AES_256_GCM_SHA384
Expand Down
1 change: 1 addition & 0 deletions k8s/infrastructure/overlays/staging/ingress-gateway-tls-patch.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -29,6 +29,7 @@ spec:
privateKey: sds
serverCertificate: sds
minProtocolVersion: TLSV1_2
maxProtocolVersion: TLSV1_2
cipherSuites:
- TLS_AES_128_GCM_SHA256
- TLS_AES_256_GCM_SHA384
Expand Down

0 comments on commit 359eccd

Please sign in to comment.