security/advancedtls: add min/max TLS version option #5797
Conversation
ZhenLian
force-pushed
the
zhen_tls_version
branch
from
44117b5
to
fca2b97
Compare
dfawley
changed the title
|
This PR is labeled as requiring an update from the reporter, and no update has been received after 6 days. If no update is provided in the next 7 days, this issue will be automatically closed. |
|
In regards to the comments for testing client-server behavior, It would require setting up a real server, and I thought probably it would be better to do it in the integration tests. Would it be fine if we submit that in a separate PR? |
|
I would prefer to include tests for functionality in the same PR that adds that functionality, unless there are very strong reasons not to (e.g. this feature is urgently needed and the tests will take too long to write). |
|
This PR is labeled as requiring an update from the reporter, and no update has been received after 6 days. If no update is provided in the next 7 days, this issue will be automatically closed. |
|
@dfawley Done with adding the integration tests. Would you mind taking a look again? Thank you so much! |
| { | ||
| desc: "Good TLS version settings", | ||
| clientMinVersion: tls.VersionTLS12, | ||
| clientMaxVersion: tls.VersionTLS13, | ||
| serverMinVersion: tls.VersionTLS12, | ||
| serverMaxVersion: tls.VersionTLS13, | ||
| expectError: false, | ||
| }, |
There was a problem hiding this comment.
For completeness, can you also add:
- client 12-13, server 12-12 (and/or 11-12)
- client 12-13, server 13-13 (and/or 13-14)
- server 12-13, client 12-12 (and/or 11-12)
- server 12-13, client 13-13 (and/or 13-14)
These should all pass IIUC?
|
This PR is labeled as requiring an update from the reporter, and no update has been received after 6 days. If no update is provided in the next 7 days, this issue will be automatically closed. |
Adding an "TlsVersionOption" for users to select their desired min/max TLS versions, if advanced TLS is used, per request by #5667
RELEASE NOTES: