need a TLS MinVersion arg #3058
Comments
Issues go stale after 90d of inactivity. If this issue is safe to close now please do so with Send feedback to sig-testing, kubernetes/test-infra and/or fejta.
Stale issues rot after 30d of inactivity. If this issue is safe to close now please do so with Send feedback to sig-testing, kubernetes/test-infra and/or fejta.
/remove-lifecycle stale This is minor but when we need to pass the security scan we had to resort to creating our own version.
/lifecycle frozen @wu105 Perhaps you can prepare some pull request for it?
@maciaszczykm What I did is quite messy, did not do anything on TLS ciphers nor adding arguments, thus it may be better to share what I did to get it to pass our security scan. We started with cloning version v1.7.1 source.
Just checked version 1.10.1, in src/app/backend/dashboard.go, in the main function,
I have made the same patch to dashboard.go and works perfectly. Had to patch it as the dashboard is failing our security scans as well.
so thank you @wu105 for the tip
@wu105 @Michael-Baylis Thanks for the solution. Since I posted PR (#5013), could you review it?
@shu-mutou I think #5013 needs to be future proofed by supplying the MinVersion as an option, which is what I was going to do in a PR, if I ever get time
happy with that, saves me doing anything. :-)
Environment
This is a feature request: when serving over https, dashboard offers TLSv1.0 thus fails our security scan. Would like to have an argument for higher TLS MinVersion.
The TLS ciphers offered is not currently a problem for us, but that could change, thus an argument to control TLS cipher set might be useful.
Steps to reproduce
Observed result
Expected result
When TLS MinVersion is set to TLSv1.2, for instance, the dashboard would offer TLSv1.2 as the lowest version during SSL handshake, thus pass security scan which requires TLSv1.2 or above.
Comments
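A sketch of the requested behaviour, added here as an example and not taken from the dashboard source or from PR #5013: a minimum-version option is parsed into a `crypto/tls` constant, applied to the server's `tls.Config`, and checked by attempting handshakes pinned to a single protocol version. The option values (`VersionTLS12` etc.) and the helper names `ParseMinVersion` and `Accepts` are assumptions made for this example.

```go
package main

import (
	"crypto/tls"
	"fmt"
	"net/http/httptest"
)

// tlsVersions maps hypothetical option values to crypto/tls constants.
var tlsVersions = map[string]uint16{
	"VersionTLS10": tls.VersionTLS10,
	"VersionTLS11": tls.VersionTLS11,
	"VersionTLS12": tls.VersionTLS12,
	"VersionTLS13": tls.VersionTLS13,
}

// ParseMinVersion rejects unknown names rather than falling back to a weaker default.
func ParseMinVersion(name string) (uint16, error) {
	v, ok := tlsVersions[name]
	if !ok {
		return 0, fmt.Errorf("unsupported TLS version %q", name)
	}
	return v, nil
}

// Accepts starts a throwaway HTTPS server with the given floor and reports
// whether a client pinned to exactly clientVersion completes the handshake.
func Accepts(serverMin, clientVersion uint16) bool {
	srv := httptest.NewUnstartedServer(nil)
	srv.TLS = &tls.Config{MinVersion: serverMin}
	srv.StartTLS()
	defer srv.Close()
	conn, err := tls.Dial("tcp", srv.Listener.Addr().String(), &tls.Config{
		InsecureSkipVerify: true, // test only: the httptest certificate is self-signed
		MinVersion:         clientVersion,
		MaxVersion:         clientVersion,
	})
	if err == nil {
		conn.Close()
	}
	return err == nil
}

func main() {
	floor, err := ParseMinVersion("VersionTLS12")
	if err != nil {
		panic(err)
	}
	fmt.Println("TLS 1.0 accepted:", Accepts(floor, tls.VersionTLS10),
		"TLS 1.2 accepted:", Accepts(floor, tls.VersionTLS12))
}
```

The same pinned-version probe can be pointed at a deployed endpoint before a security scan to confirm which protocol floor the server actually enforces.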