Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Improve ciphersuite examples #5594

Merged
merged 3 commits into from Oct 8, 2019
Merged

Improve ciphersuite examples #5594

merged 3 commits into from Oct 8, 2019

Conversation

Constans
Copy link
Contributor

@Constans Constans commented Oct 7, 2019
edited by ldez

What does this PR do?

Removed the TLS_RSA_WITH_AES_256_GCM_SHA384 cipher that causes the B rating from https://www.ssllabs.com/ssltest/

This cipher is considered weak and including it will result in a B rating by default.
Adding the ciphers that are not considered weak will result in an A rating out of the box.

Removes the TLS_RSA_WITH_AES_256_GCM_SHA384 cipher that is considered weak.

Motivation

After the removal of this cipher the site security rating raises from a B to an A.

More

  • Added/updated tests
  • Added/updated documentation

Additional Notes

It'd be useful, in the future, to provide a configuration that gives an A+ rating out of the box.

@Constans @ldez
Removed the TLS_RSA_WITH_AES_256_GCM_SHA384 cipher
369d910 
Removed the TLS_RSA_WITH_AES_256_GCM_SHA384 cipher that causes the B rating from https://www.ssllabs.com/ssltest/ 

This cipher is considered weak and including it in documentation will lead people to get a B by default.
Adding the ciphers that are not considered weak will result in an A rating out of the box.
@Constans @ldez
Removed the TLS_RSA_WITH_AES_256_GCM_SHA384 cipher
92a4502 
Removed the TLS_RSA_WITH_AES_256_GCM_SHA384 cipher that causes the B rating from https://www.ssllabs.com/ssltest/ 

This cipher is considered weak and including it in documentation will lead people to get a B by default.
Adding the ciphers that are not considered weak will result in an A rating out of the box.
@ldez ldez changed the base branch from master to v2.0 October 7, 2019 20:48
@ldez ldez added this to the 2.0 milestone Oct 7, 2019
@ldez ldez added this to To review in v2 via automation Oct 7, 2019
@ldez ldez added the kind/enhancement a new or improved feature. label Oct 7, 2019
@ldez ldez mentioned this pull request Oct 7, 2019
Closed
2 tasks
ldez
ldez approved these changes Oct 7, 2019
View reviewed changes
Copy link
Member

@ldez ldez left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@ldez ldez changed the title Removed the TLS_RSA_WITH_AES_256_GCM_SHA384 cipher Improve ciphersuite examples Oct 7, 2019
jbdoumenjou
jbdoumenjou approved these changes Oct 8, 2019
View reviewed changes
Copy link
Member

@jbdoumenjou jbdoumenjou left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@traefiker traefiker merged commit c87a37f into traefik:v2.0 Oct 8, 2019
v2 automation moved this from To review to Done Oct 8, 2019
@ldez ldez added the area/tls label Oct 9, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jbdoumenjou jbdoumenjou jbdoumenjou approved these changes

@mmatur mmatur mmatur approved these changes

@ldez ldez ldez approved these changes

Assignees
No one assigned
Labels
area/documentation area/tls kind/enhancement a new or improved feature. size/S
Projects
No open projects
v2
Done
Milestone
2.0
Development

Successfully merging this pull request may close these issues.

None yet
5 participants
@Constans @jbdoumenjou @mmatur @ldez @traefiker