Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Increase minimum TLS version to v1.2 for improved security. #457

Merged
merged 2 commits into from
Nov 17, 2020
Merged

Increase minimum TLS version to v1.2 for improved security. #457

merged 2 commits into from
Nov 17, 2020

Conversation

fasaxc
Copy link
Member

@fasaxc fasaxc commented Nov 17, 2020
edited
Loading

Description

  • Remove maximum TLS version. Should no longer be needed.

  • Remove unneeded TLS config to set the RNG; the tls implementation
    already uses the secure RNG by default.

Todos

  • Unit tests (full coverage)
  • Integration tests (delete as appropriate) In plan/Not needed/Done
  • Documentation
  • Backport
  • Release note

Release Note

For improved security, the Typha/Felix API now requires TLS v1.2+.

@fasaxc
Increase minimum TLS version to v1.2 for improved security.
53da11d 
* Remove maximum TLS version.  Should no longer be needed.

* Remove unneeded TLS config to set the RNG; the tls implementation
  already uses the secure RNG by default.
@fasaxc fasaxc requested a review from a team as a code owner November 17, 2020 10:01
@marvin-tigera marvin-tigera added this to the Calico v3.18.0 milestone Nov 17, 2020
nelljerram
nelljerram approved these changes Nov 17, 2020
View reviewed changes
Copy link
Member

@nelljerram nelljerram left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@fasaxc
Rework TLS tests for new behaviour of TLS library.
507055d 
With TLSv1.2 forced, we no longer get an error from Start(), it
is deferred until the first read.
@fasaxc fasaxc merged commit 02cb7ab into projectcalico:master Nov 17, 2020
fasaxc added a commit to fasaxc/typha that referenced this pull request Feb 11, 2021
@fasaxc
Merge pull request projectcalico#457 from fasaxc/tls-update
adf105d 
Increase minimum TLS version to v1.2 for improved security.

(cherry picked from commit 02cb7ab)
fasaxc added a commit to fasaxc/typha that referenced this pull request Feb 11, 2021
@fasaxc
Merge pull request projectcalico#457 from fasaxc/tls-update
a147773 
Increase minimum TLS version to v1.2 for improved security.

(cherry picked from commit 02cb7ab)
This was referenced Feb 11, 2021
Merged
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@nelljerram nelljerram nelljerram approved these changes

Assignees
No one assigned
Labels
docs-not-required release-note-required
Projects
None yet
Milestone
Calico v3.18.0
Development

Successfully merging this pull request may close these issues.
3 participants
@fasaxc @nelljerram @marvin-tigera