You are viewing a plain text version of this content. The canonical link for it is here.

Posted to notifications@apisix.apache.org by GitBox <gi...@apache.org> on 2022/08/22 07:47:05 UTC

[GitHub] [apisix-helm-chart] tokers opened a new pull request, #328: chore: support configuring SSL protocols

tokers opened a new pull request, #328:
URL: https://github.com/apache/apisix-helm-chart/pull/328

   Signed-off-by: Chao Zhang <to...@apache.org>


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [apisix-helm-chart] tokers commented on a diff in pull request #328: chore: support configuring SSL protocols

Posted by GitBox <gi...@apache.org>.

tokers commented on code in PR #328:
URL: https://github.com/apache/apisix-helm-chart/pull/328#discussion_r952063937


##########
charts/apisix/values.yaml:
##########
@@ -142,6 +142,7 @@ gateway:
     certCAFilename: ""
     http2:
       enabled: true
+    sslProtocols: "TLSv1.2 TLSv1.3"

Review Comment:
   See https://github.com/apache/apisix/blob/master/conf/config-default.yaml#L143.



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [apisix-helm-chart] tao12345666333 commented on a diff in pull request #328: chore: support configuring SSL protocols

Posted by GitBox <gi...@apache.org>.

tao12345666333 commented on code in PR #328:
URL: https://github.com/apache/apisix-helm-chart/pull/328#discussion_r951349812


##########
charts/apisix/values.yaml:
##########
@@ -142,6 +142,7 @@ gateway:
     certCAFilename: ""
     http2:
       enabled: true
+    sslProtocols: "TLSv1.2 TLSv1.3"

Review Comment:
   > Actually, I think we should drop the support of `TLSv1` and `TLSv1.1`, since both of them are unsafe and deprecated.
   
   I think it needs to be droped, but the behavior in the helm chart should be consistent with APISIX. Are these protocols droped in APISIX?



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [apisix-helm-chart] bzp2010 commented on a diff in pull request #328: chore: support configuring SSL protocols

Posted by GitBox <gi...@apache.org>.

bzp2010 commented on code in PR #328:
URL: https://github.com/apache/apisix-helm-chart/pull/328#discussion_r951118426


##########
charts/apisix/values.yaml:
##########
@@ -142,6 +142,7 @@ gateway:
     certCAFilename: ""
     http2:
       enabled: true
+    sslProtocols: "TLSv1.2 TLSv1.3"

Review Comment:
   It is different from the previous value, do we need to consider compatibility? 🤔



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [apisix-helm-chart] tao12345666333 merged pull request #328: chore: support configuring SSL protocols

Posted by GitBox <gi...@apache.org>.

tao12345666333 merged PR #328:
URL: https://github.com/apache/apisix-helm-chart/pull/328


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [apisix-helm-chart] tokers commented on a diff in pull request #328: chore: support configuring SSL protocols

Posted by GitBox <gi...@apache.org>.

tokers commented on code in PR #328:
URL: https://github.com/apache/apisix-helm-chart/pull/328#discussion_r951215961


##########
charts/apisix/values.yaml:
##########
@@ -142,6 +142,7 @@ gateway:
     certCAFilename: ""
     http2:
       enabled: true
+    sslProtocols: "TLSv1.2 TLSv1.3"

Review Comment:
   Actually, I think we should drop the support of `TLSv1` and `TLSv1.1`, since both of them are unsafe and deprecated.



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [apisix-helm-chart] tokers commented on a diff in pull request #328: chore: support configuring SSL protocols

Posted by GitBox <gi...@apache.org>.

tokers commented on code in PR #328:
URL: https://github.com/apache/apisix-helm-chart/pull/328#discussion_r952063309


##########
charts/apisix/values.yaml:
##########
@@ -142,6 +142,7 @@ gateway:
     certCAFilename: ""
     http2:
       enabled: true
+    sslProtocols: "TLSv1.2 TLSv1.3"

Review Comment:
   OK, then we can drop it after APISIX changes its default value.



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [apisix-helm-chart] tao12345666333 commented on a diff in pull request #328: chore: support configuring SSL protocols

Posted by GitBox <gi...@apache.org>.

tao12345666333 commented on code in PR #328:
URL: https://github.com/apache/apisix-helm-chart/pull/328#discussion_r951141368


##########
charts/apisix/values.yaml:
##########
@@ -142,6 +142,7 @@ gateway:
     certCAFilename: ""
     http2:
       enabled: true
+    sslProtocols: "TLSv1.2 TLSv1.3"

Review Comment:
   I think we need.



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [apisix-helm-chart] tao12345666333 commented on a diff in pull request #328: chore: support configuring SSL protocols

Posted by GitBox <gi...@apache.org>.

tao12345666333 commented on code in PR #328:
URL: https://github.com/apache/apisix-helm-chart/pull/328#discussion_r952138791


##########
charts/apisix/values.yaml:
##########
@@ -142,6 +142,7 @@ gateway:
     certCAFilename: ""
     http2:
       enabled: true
+    sslProtocols: "TLSv1.2 TLSv1.3"

Review Comment:
   got it



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org