
Add support for MaxVersion in tls.Options #5650

Merged
merged 13 commits into from
Oct 29, 2019
2 changes: 2 additions & 0 deletions docs/content/migration/v1-to-v2.md
Expand Up @@ -238,9 +238,11 @@ Then, a [router's TLS field](../routing/routers/index.md#tls) can refer to one o
[tls.options]
[tls.options.default]
minVersion = "VersionTLS12"
maxVersion = "VersionTLS12"

[tls.options.myTLSOptions]
minVersion = "VersionTLS13"
maxVersion = "VersionTLS13"
cipherSuites = [
"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
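Review bot: Both examples pin `minVersion` and `maxVersion` to the same value, and the surrounding text does not say what `maxVersion` does; a sentence stating that it caps negotiation (so `maxVersion = "VersionTLS12"` on the `default` option turns TLS 1.3 off for every router using it) and listing the accepted values (`VersionTLS10` to `VersionTLS13`, per the map added in `pkg/tls/certificate.go`) would stop readers from copying the pin into production without realising it disables newer protocol versions. Only the migration guide is touched in this PR; the routers reference that this paragraph links to should get the new key as well.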
8 changes: 8 additions & 0 deletions pkg/tls/certificate.go
Expand Up @@ -22,6 +22,14 @@ var (
`VersionTLS13`: tls.VersionTLS13,
}

// MaxVersion Map of allowed TLS minimum versions
MaxVersion = map[string]uint16{
`VersionTLS10`: tls.VersionTLS10,
`VersionTLS11`: tls.VersionTLS11,
`VersionTLS12`: tls.VersionTLS12,
`VersionTLS13`: tls.VersionTLS13,
}

// CipherSuites Map of TLS CipherSuites from crypto/tls
// Available CipherSuites defined at https://golang.org/pkg/crypto/tls/#pkg-constants
CipherSuites = map[string]uint16{
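Review bot: The doc comment on `MaxVersion` reads "Map of allowed TLS minimum versions", a copy of the `MinVersion` comment; it should say "maximum". The map body is also identical to the `MinVersion` map visible just above, so a single version-name map used for both lookups would avoid the two drifting apart when a version is added or removed.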
1 change: 1 addition & 0 deletions pkg/tls/tls.go
Expand Up @@ -17,6 +17,7 @@ type ClientAuth struct {
// Options configures TLS for an entry point
type Options struct {
MinVersion string `json:"minVersion,omitempty" toml:"minVersion,omitempty" yaml:"minVersion,omitempty" export:"true"`
MaxVersion string `json:"maxVersion,omitempty" toml:"maxVersion,omitempty" yaml:"maxVersion,omitempty" export:"true"`
CipherSuites []string `json:"cipherSuites,omitempty" toml:"cipherSuites,omitempty" yaml:"cipherSuites,omitempty"`
ClientAuth ClientAuth `json:"clientAuth,omitempty" toml:"clientAuth,omitempty" yaml:"clientAuth,omitempty"`
SniStrict bool `json:"sniStrict,omitempty" toml:"sniStrict,omitempty" yaml:"sniStrict,omitempty" export:"true"`
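Review bot: The new `MaxVersion` field has no comment stating its accepted values or that it must not be lower than `MinVersion`; since this struct is exported and drives the user-facing config keys, a short field comment along the lines of `// MaxVersion caps the negotiated protocol version; must be >= MinVersion` would document the contract where users and `buildTLSConfig` both see it. The tags themselves mirror `MinVersion` correctly, including `export:"true"`.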
6 changes: 6 additions & 0 deletions pkg/tls/tlsmanager.go
Expand Up @@ -217,6 +217,12 @@ func buildTLSConfig(tlsOption Options) (*tls.Config, error) {
conf.MinVersion = minConst
}

// Set the maximum TLS version if set in the config TOML
if maxConst, exists := MaxVersion[tlsOption.MaxVersion]; exists {
conf.PreferServerCipherSuites = true
conf.MaxVersion = maxConst
}

// Set the list of CipherSuites if set in the config TOML
if tlsOption.CipherSuites != nil {
// if our list of CipherSuites is defined in the entryPoint config, we can re-initialize the suites list as empty
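Review bot: `conf.PreferServerCipherSuites = true` inside the `MaxVersion` branch has nothing to do with capping the protocol version and makes server cipher preference depend on whether `maxVersion` happens to be set; move that line out of this branch (or drop it) so the option does only what its name says. Two further checks belong here, since `buildTLSConfig` already returns an error: a `tlsOption.MaxVersion` that is non-empty but not in the map is currently ignored silently, so a typo yields no cap at all, and nothing rejects a `MaxVersion` lower than `MinVersion`, which `crypto/tls` only reports later as a failed handshake on every connection.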