New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
NE-472: haproxy-config.template: Add ROUTER_CIPHERSUITES #284
Conversation
Add an environment variable for specifying cipher suites for TLSv1.3. The existing ROUTER_CIPHERS environment variable sets HAProxy's ssl-default-bind-ciphers option. However, this option configures ciphers only for TLS versions other than TLSv1.3. To configure cipher suites for TLSv1.3, HAProxy requires the ssl-default-bind-ciphersuites option. * images/router/haproxy/conf/haproxy-config.template: Check for the ROUTER_CIPHERSUITES environment variable. If its value is nonempty, use it to set the ssl-default-bind-ciphersuites option.
tests are working fine
Openssl to the external IP with tlsv1.3 ciphers https://github.com/openshift/api/blob/master/config/v1/types_tlssecurityprofile.go#L254-L262 A)
B)
C)
|
@Miciah PTAL |
/retest |
1 similar comment
/retest |
/lgtm |
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: Miciah, miheer The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
/refresh |
/retest Please review the full test history for this PR and help us cut down flakes. |
2 similar comments
/retest Please review the full test history for this PR and help us cut down flakes. |
/retest Please review the full test history for this PR and help us cut down flakes. |
/retest |
/retest Please review the full test history for this PR and help us cut down flakes. |
https://issues.redhat.com/browse/NE-472
Add an environment variable for specifying cipher suites for TLSv1.3.
The existing ROUTER_CIPHERS environment variable sets HAProxy's
ssl-default-bind-ciphers option. However, this option configures ciphers
only for TLS versions other than TLSv1.3. To configure cipher suites for
TLSv1.3, HAProxy requires the ssl-default-bind-ciphersuites option.
ROUTER_CIPHERSUITES environment variable. If its value is nonempty,
use it to set the ssl-default-bind-ciphersuites option.