You are viewing a plain text version of this content. The canonical link for it is here.

Posted to notifications@apisix.apache.org by to...@apache.org on 2022/08/22 07:46:34 UTC

[apisix-helm-chart] branch chore/configurable-ssl-protocols created (now 2ff9fcf)

This is an automated email from the ASF dual-hosted git repository.

tokers pushed a change to branch chore/configurable-ssl-protocols
in repository https://gitbox.apache.org/repos/asf/apisix-helm-chart.git


      at 2ff9fcf  chore: support configuring SSL protocols

This branch includes the following new commits:

     new 2ff9fcf  chore: support configuring SSL protocols

The 1 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.

[apisix-helm-chart] 01/01: chore: support configuring SSL protocols

Posted by to...@apache.org.

This is an automated email from the ASF dual-hosted git repository.

tokers pushed a commit to branch chore/configurable-ssl-protocols
in repository https://gitbox.apache.org/repos/asf/apisix-helm-chart.git

commit 2ff9fcfe560db59753a9dff3e0ec6b4538416a27
Author: Chao Zhang <to...@apache.org>
AuthorDate: Mon Aug 22 15:46:10 2022 +0800

    chore: support configuring SSL protocols
    
    Signed-off-by: Chao Zhang <to...@apache.org>
---
 charts/apisix/templates/configmap.yaml | 2 +-
 charts/apisix/values.yaml              | 1 +
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/charts/apisix/templates/configmap.yaml b/charts/apisix/templates/configmap.yaml
index 6c0e5da..ee78a14 100644
--- a/charts/apisix/templates/configmap.yaml
+++ b/charts/apisix/templates/configmap.yaml
@@ -156,7 +156,7 @@ data:
         enable: {{ .Values.gateway.tls.enabled }}
         enable_http2: {{ .Values.gateway.tls.http2.enabled }}
         listen_port: {{ .Values.gateway.tls.containerPort }}
-        ssl_protocols: "TLSv1 TLSv1.1 TLSv1.2 TLSv1.3"
+        ssl_protocols: {{ .Values.gateway.tls.sslProtocols | quote }}
         ssl_ciphers: "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA- [...]
         {{- if and .Values.gateway.tls.enabled .Values.gateway.tls.existingCASecret }}
         ssl_trusted_certificate: "/usr/local/apisix/conf/ssl/{{ .Values.gateway.tls.certCAFilename }}"
diff --git a/charts/apisix/values.yaml b/charts/apisix/values.yaml
index e0824f9..0071c6c 100644
--- a/charts/apisix/values.yaml
+++ b/charts/apisix/values.yaml
@@ -142,6 +142,7 @@ gateway:
     certCAFilename: ""
     http2:
       enabled: true
+    sslProtocols: "TLSv1.2 TLSv1.3"
   # L4 proxy (TCP/UDP)
   stream:
     enabled: false