You are viewing a plain text version of this content. The canonical link for it is here.
Posted to notifications@apisix.apache.org by to...@apache.org on 2022/08/22 07:46:34 UTC
[apisix-helm-chart] branch chore/configurable-ssl-protocols created (now 2ff9fcf)
This is an automated email from the ASF dual-hosted git repository.
tokers pushed a change to branch chore/configurable-ssl-protocols
in repository https://gitbox.apache.org/repos/asf/apisix-helm-chart.git
at 2ff9fcf chore: support configuring SSL protocols
This branch includes the following new commits:
new 2ff9fcf chore: support configuring SSL protocols
The 1 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails. The revisions
listed as "add" were already present in the repository and have only
been added to this reference.
[apisix-helm-chart] 01/01: chore: support configuring SSL protocols
Posted by to...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
tokers pushed a commit to branch chore/configurable-ssl-protocols
in repository https://gitbox.apache.org/repos/asf/apisix-helm-chart.git
commit 2ff9fcfe560db59753a9dff3e0ec6b4538416a27
Author: Chao Zhang <to...@apache.org>
AuthorDate: Mon Aug 22 15:46:10 2022 +0800
chore: support configuring SSL protocols
Signed-off-by: Chao Zhang <to...@apache.org>
---
charts/apisix/templates/configmap.yaml | 2 +-
charts/apisix/values.yaml | 1 +
2 files changed, 2 insertions(+), 1 deletion(-)
diff --git a/charts/apisix/templates/configmap.yaml b/charts/apisix/templates/configmap.yaml
index 6c0e5da..ee78a14 100644
--- a/charts/apisix/templates/configmap.yaml
+++ b/charts/apisix/templates/configmap.yaml
@@ -156,7 +156,7 @@ data:
enable: {{ .Values.gateway.tls.enabled }}
enable_http2: {{ .Values.gateway.tls.http2.enabled }}
listen_port: {{ .Values.gateway.tls.containerPort }}
- ssl_protocols: "TLSv1 TLSv1.1 TLSv1.2 TLSv1.3"
+ ssl_protocols: {{ .Values.gateway.tls.sslProtocols | quote }}
ssl_ciphers: "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA- [...]
{{- if and .Values.gateway.tls.enabled .Values.gateway.tls.existingCASecret }}
ssl_trusted_certificate: "/usr/local/apisix/conf/ssl/{{ .Values.gateway.tls.certCAFilename }}"
diff --git a/charts/apisix/values.yaml b/charts/apisix/values.yaml
index e0824f9..0071c6c 100644
--- a/charts/apisix/values.yaml
+++ b/charts/apisix/values.yaml
@@ -142,6 +142,7 @@ gateway:
certCAFilename: ""
http2:
enabled: true
+ sslProtocols: "TLSv1.2 TLSv1.3"
# L4 proxy (TCP/UDP)
stream:
enabled: false