internal/envoy: Disable ECDHE-RSA-AES128-SHA and ECDHE-RSA-AES256-SHA ciphers #3154
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Member
|
Thanks for this PR @bascht! Looks like there are some failing tests though, could you run a local |
589d946 to
2729fbf
Compare
Contributor
Author
|
@youngnick oh yes absolutely. Thanks for the hint. |
Codecov Report
@@ Coverage Diff @@
## main #3154 +/- ##
=======================================
Coverage 74.00% 74.00%
=======================================
Files 96 96
Lines 6001 6001
=======================================
Hits 4441 4441
Misses 1464 1464
Partials 96 96 |
Member
|
Sorry, I forgot to check before, but we also need a DCO signoff in the commit, you can read more in our CONTRIBUTING.md. |
youngnick
approved these changes
Nov 26, 2020
Member
youngnick
left a comment
There was a problem hiding this comment.
LGTM, I'll merge once the DCO is all good.
skriss
approved these changes
Nov 30, 2020
2729fbf to
f71c460
Compare
Contributor
Author
|
Finally got around to add a sign-off, sorry for the wait! |
Member
|
@bascht any chance you can rebase this on top of latest |
Signed-off-by: Sebastian Schulze <[email protected]>
f71c460 to
59c3b73
Compare
Contributor
Author
|
Sure! This is moving quickly! 😬 |
Member
|
@bascht yep, sorry for the churn :/ will get this merged as soon as CI is green again! |
sunjayBhatia
added a commit
to sunjayBhatia/contour
that referenced
this pull request
Feb 2, 2021
…projectcontour#3154)" This reverts commit 2ccbaee. Signed-off-by: Sunjay Bhatia <[email protected]>
sunjayBhatia
added a commit
to sunjayBhatia/contour
that referenced
this pull request
Feb 2, 2021
Re-applies projectcontour#3237 and projectcontour#3154 Blocked on projectcontour#3300 and projectcontour#3301 and should be merged for 1.13.0 release Signed-off-by: Sunjay Bhatia <[email protected]>
skriss
pushed a commit
that referenced
this pull request
Feb 3, 2021
…#3154)" (#3301) This reverts commit 2ccbaee. Signed-off-by: Sunjay Bhatia <[email protected]>
sunjayBhatia
added a commit
to sunjayBhatia/contour
that referenced
this pull request
Feb 3, 2021
Re-applies projectcontour#3237 and projectcontour#3154 Blocked on projectcontour#3300 and projectcontour#3301 and should be merged for 1.13.0 release Signed-off-by: Sunjay Bhatia <[email protected]>
youngnick
pushed a commit
that referenced
this pull request
Feb 22, 2021
Re-applies #3237 and #3154 Blocked on #3300 and #3301 and should be merged for 1.13.0 release Signed-off-by: Sunjay Bhatia <[email protected]>
iyacontrol
pushed a commit
to iyacontrol/contour
that referenced
this pull request
Feb 23, 2021
Re-applies projectcontour#3237 and projectcontour#3154 Blocked on projectcontour#3300 and projectcontour#3301 and should be merged for 1.13.0 release Signed-off-by: Sunjay Bhatia <[email protected]> Signed-off-by: iyacontrol <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This change is basically the 2020 version of 18d2379 and will solve #2401, since those CBC ciphers get flagged by recent versions of Qualys SSL Labs or TestSSL.
Refs also #2880 and #2777 but is way less complex.
Closes #2401.