Skip to content

Plumb cipher/tls version serving options #42337

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Mar 29, 2017
Merged

Plumb cipher/tls version serving options #42337

merged 1 commit into from
Mar 29, 2017

Conversation

@liggitt
Copy link
Member

@liggitt liggitt commented Mar 1, 2017
edited
Loading

Needed to allow servers to harden or relax default tls versions and ciphers

@k8s-ci-robot k8s-ci-robot added the cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. label Mar 1, 2017
@k8s-github-robot k8s-github-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Mar 1, 2017
@k8s-github-robot k8s-github-robot added the size/S Denotes a PR that changes 10-29 lines, ignoring generated files. label Mar 1, 2017
@k8s-reviewable
Copy link

This change is Reviewable

@liggitt liggitt added this to the v1.7 milestone Mar 4, 2017
sttts
sttts reviewed Mar 9, 2017
View reviewed changes
staging/src/k8s.io/apiserver/pkg/server/config.go

// MinTLSVersion optionally overrides the minimum TLS version supported.
// If 0, the default is used.
MinTLSVersion uint16
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

document the format

sttts
sttts reviewed Mar 9, 2017
View reviewed changes
staging/src/k8s.io/apiserver/pkg/server/config.go

// CipherSuites optionally overrides the list of cipher suites for the server.
// If empty, the default is used.
CipherSuites []uint16
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

document the format

@liggitt liggitt mentioned this pull request Mar 16, 2017
Closed
@liggitt liggitt assigned sttts and unassigned madhusudancs Mar 28, 2017
@liggitt liggitt added release-note-none Denotes a PR that doesn't merit a release note. and removed release-note-label-needed labels Mar 28, 2017
sttts
sttts reviewed Mar 29, 2017
View reviewed changes
staging/src/k8s.io/apiserver/pkg/server/config.go

// CipherSuites optionally overrides the list of allowed cipher suites for the server.
// Values are from tls package constants (https://golang.org/pkg/crypto/tls/#pkg-constants).
CipherSuites []uint16
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good now.

@sttts
Copy link
Contributor

sttts commented Mar 29, 2017

/lgtm

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Mar 29, 2017
@k8s-github-robot
Copy link

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: liggitt, sttts

Needs approval from an approver in each of these OWNERS Files:

You can indicate your approval by writing /approve in a comment
You can cancel your approval by writing /approve cancel in a comment

@k8s-github-robot
Copy link

Automatic merge from submit-queue (batch tested with PRs 38741, 41301, 43645, 43779, 42337)

@k8s-github-robot k8s-github-robot merged commit bf4b04b into kubernetes:master Mar 29, 2017
@liggitt liggitt deleted the tls-config branch March 30, 2017 18:09
@liggitt liggitt modified the milestone: v1.7 Apr 13, 2017
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@sttts sttts sttts left review comments

Assignees

@sttts sttts

Labels

approved Indicates a PR has been approved by an approver from all required OWNERS files. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. lgtm "Looks good to me", indicates that a PR is ready to be merged. release-note-none Denotes a PR that doesn't merit a release note. size/S Denotes a PR that changes 10-29 lines, ignoring generated files.

Projects

None yet

Milestone

v1.7

Development

Successfully merging this pull request may close these issues.

6 participants

@liggitt @k8s-reviewable @sttts @k8s-github-robot @madhusudancs @k8s-ci-robot