-
Notifications
You must be signed in to change notification settings - Fork 5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add support for MaxVersion in tls.Options #5650
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Could you update the documentation:
docs/content/https/tls.md
docs/content/reference/dynamic-configuration/file.toml
docs/content/reference/dynamic-configuration/file.yaml
docs/content/https/tls.md docs/content/reference/dynamic-configuration/file.toml docs/content/reference/dynamic-configuration/file.yaml
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks 👍
I think a note which discourages this setting should be added to not disable TLS1.3. The right approach would be to encourage the clients to update. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
As the option wasn't here in the previous version, I think you don't need to update the migration guide with it.
Could you add the option to the kubernetesCRD provider?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
What does this PR do?
Adds support for maxVersion to the tls.Options
Motivation
Some Chrome clients still have issues with negotiations associated with TLS Version 13.
Having the ability to set Maximum can avoid this problem.
More
Additional Notes
This is my first contribution to traefik, so let me know if I've done this correctly.
see #5649