You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Describe the solution you'd like
Boundary TLS only supports 1.3, but this is not consistent with the cloud provider settings. (I use AWS, and don't know about other providers) If we can select between TLS 1.2 and 1.3, it would be really helpful.
Describe alternatives you've considered
None
Explain any additional use-cases
None
Additional context
None
The text was updated successfully, but these errors were encountered:
Thanks for posting this @neolunar7 and sorry for the tardy response. This sounds like a good request, and I'll work on getting it added to our road map. It does look like AWS released support for 1.3 in CloudFront, but looking at ELB's it appears they're still only on 1.2 as you noted.
Even if we allowed TLS 1.2, you wouldn't be able to use it with ALB because you wouldn't have any way to get the CA cert or server cert generated just for that single session.
Is your feature request related to a problem? Please describe.
According to the link https://www.boundaryproject.io/docs/concepts/security/connections-tls, there seems to be only support for TLS 1.3. However, when using AWS ALB as a load balancer in front of Boundary, TLS related error arises. I posted the issue on https://discuss.hashicorp.com/t/boundary-connect-ssh-throwing-failed-to-websocket-dial-error/21609. I can resolve this issue by changing the ClusterIP service type to NodePort service type, bypassing the LoadBalancer and directly accessing the pod.
Describe the solution you'd like
Boundary TLS only supports 1.3, but this is not consistent with the cloud provider settings. (I use AWS, and don't know about other providers) If we can select between TLS 1.2 and 1.3, it would be really helpful.
Describe alternatives you've considered
None
Explain any additional use-cases
None
Additional context
None
The text was updated successfully, but these errors were encountered: