feat(istio): add configurable TLS version

- Introduced support for configuring the minimum TLS version for UDS Core. - Added 'supportTLSV1_2' boolean flag in values file to allow selection between TLS 1.2 and TLS 1.3. - Updated Helm templates to conditionally set 'minProtocolVersion' based on 'supportTLSV1_2' value. - Ensured backward compatibility by defaulting to TLS 1.3. - Commented and documented the new configuration option for clarity. Closes #599 Signed-off-by: jamestexas <[email protected]>
defenseunicorns · Jul 31, 2024 · d5a0ee2 · d5a0ee2
1 parent f2164e1
commit d5a0ee2
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 1 deletion.
diff --git a/src/istio/chart/templates/gateway.yaml b/src/istio/chart/templates/gateway.yaml
@@ -32,7 +32,7 @@ spec:
         mode: {{ $server.mode }}
         {{- if ne $server.mode "PASSTHROUGH" }}
         credentialName: gateway-tls
-        minProtocolVersion: TLSV1_3
+        minProtocolVersion: {{ if .Values.tls.supportTLSV1_2 }}TLSV1_2{{ else }}TLSV1_3{{ end }}
         {{- end }}
     {{ end }}
 {{ end }}
diff --git a/src/istio/chart/values.yaml b/src/istio/chart/values.yaml
@@ -24,3 +24,5 @@ domain: "###ZARF_VAR_DOMAIN###"
 #       # Hosts to add to this gateway
 #       hosts:
 #         - "*"
+#   # Whether to support TLS 1.2 (if false, only TLS 1.3 will be supported)
+#   supportTLSV1_2: false