Posted to notifications@apisix.apache.org by GitBox <gi...@apache.org> on 2020/11/06 06:37:07 UTC

[GitHub] [apisix] Miss-you opened a new pull request #2641: [wip]fix: disable ssl_session_tickets by default #2638

Miss-you opened a new pull request #2641:
URL: https://github.com/apache/apisix/pull/2641


   ### What this PR does / why we need it:
   <!--- Why is this change required? What problem does it solve? -->
   <!--- If it fixes an open issue, please link to the issue here. -->
   
   ### Pre-submission checklist:
   
   * [ ] Did you explain what problem does this PR solve? Or what new features have been added?
   * [ ] Have you added corresponding test cases?
   * [ ] Have you modified the corresponding document?
   * [ ] Is this PR backward compatible?
   


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



[GitHub] [apisix] Miss-you commented on pull request #2641: [wip]fix: disable ssl_session_tickets by default #2638

Posted by GitBox <gi...@apache.org>.
Miss-you commented on pull request #2641:
URL: https://github.com/apache/apisix/pull/2641#issuecomment-723006590


   #2638 





[GitHub] [apisix] Miss-you commented on pull request #2641: fix: disable ssl_session_tickets by default

Posted by GitBox <gi...@apache.org>.
Miss-you commented on pull request #2641:
URL: https://github.com/apache/apisix/pull/2641#issuecomment-723644145


   another bug (maybe): https://github.com/apache/apisix/issues/2660
   





[GitHub] [apisix] membphis merged pull request #2641: fix: disable ssl_session_tickets by default

Posted by GitBox <gi...@apache.org>.
membphis merged pull request #2641:
URL: https://github.com/apache/apisix/pull/2641


   





[GitHub] [apisix] membphis commented on a change in pull request #2641: fix: disable ssl_session_tickets by default

Posted by GitBox <gi...@apache.org>.
membphis commented on a change in pull request #2641:
URL: https://github.com/apache/apisix/pull/2641#discussion_r519594799



##########
File path: .travis/apisix_cli_test.sh
##########
@@ -447,17 +447,17 @@ git checkout conf/config.yaml
 
 make init
 
-count=`grep "ssl_session_tickets off;" conf/nginx.conf || true`
-if [ $count -ne 1 ]; then
+count=`grep "ssl_session_tickets off;" conf/nginx.conf | wc -l `
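
Review bot: On the new `count=` line, `grep "ssl_session_tickets off;" conf/nginx.conf | wc -l` can be written as `grep -c "ssl_session_tickets off;" conf/nginx.conf`, which returns the count directly. `grep -c` exits with status 1 when nothing matches, so if the script runs under `set -e` the `|| true` carried by the removed line is still needed. The pattern is also unanchored, so a commented-out `# ssl_session_tickets off;` in conf/nginx.conf would be counted as a hit; anchoring the pattern to the start of the directive makes the check stricter. The stray space before the closing backtick can be dropped.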

Review comment:
       we can use this way: https://github.com/apache/apisix/blob/8ed24711a6c659fa8040310a24e86091d104a699/.travis/apisix_cli_test.sh#L122







[GitHub] [apisix] spacewander commented on a change in pull request #2641: fix: disable ssl_session_tickets by default

Posted by GitBox <gi...@apache.org>.
spacewander commented on a change in pull request #2641:
URL: https://github.com/apache/apisix/pull/2641#discussion_r519527419



##########
File path: conf/config-default.yaml
##########
@@ -106,6 +106,7 @@ apisix:
                                                 # with external services (e.g. etcd)
     ssl_protocols: "TLSv1.2 TLSv1.3"
     ssl_ciphers: "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384"
+    ssl_session_tickets: false              #  disable ssl_session_tickets by default for 'ssl_session_tickets' would make Perfect Forward Secrecy useless.
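
Review bot: The inline comment on the added `ssl_session_tickets: false` line is hard to parse ("for 'ssl_session_tickets' would make Perfect Forward Secrecy useless") and does not tell the user that the option can be set to true again. Suggest something like `# disable TLS session tickets by default, because they weaken Perfect Forward Secrecy; set to true to re-enable`, and drop the doubled space after `#`. Since the CLI test in this PR greps conf/nginx.conf for `ssl_session_tickets off;`, it is also worth confirming that this key is what the template renders into that directive.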

Review comment:
       Better to add the link in the comment, so the user can find more details.







[GitHub] [apisix] Miss-you commented on a change in pull request #2641: fix: disable ssl_session_tickets by default

Posted by GitBox <gi...@apache.org>.
Miss-you commented on a change in pull request #2641:
URL: https://github.com/apache/apisix/pull/2641#discussion_r519563190



##########
File path: conf/config-default.yaml
##########
@@ -106,6 +106,7 @@ apisix:
                                                 # with external services (e.g. etcd)
     ssl_protocols: "TLSv1.2 TLSv1.3"
     ssl_ciphers: "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384"
+    ssl_session_tickets: false              #  disable ssl_session_tickets by default for 'ssl_session_tickets' would make Perfect Forward Secrecy useless.

Review comment:
       done







[GitHub] [apisix] Miss-you commented on a change in pull request #2641: fix: disable ssl_session_tickets by default

Posted by GitBox <gi...@apache.org>.
Miss-you commented on a change in pull request #2641:
URL: https://github.com/apache/apisix/pull/2641#discussion_r519791655



##########
File path: .travis/apisix_cli_test.sh
##########
@@ -447,17 +447,17 @@ git checkout conf/config.yaml
 
 make init
 
-count=`grep "ssl_session_tickets off;" conf/nginx.conf || true`
-if [ $count -ne 1 ]; then
+count=`grep "ssl_session_tickets off;" conf/nginx.conf | wc -l `

Review comment:
       done. `grep` -> `grep -c`



