-
Notifications
You must be signed in to change notification settings - Fork 4.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
tls: update BoringSSL-FIPS to 20190808. #12114
Conversation
CC @envoyproxy/api-shepherds: Your approval is needed for changes made to |
Signed-off-by: Piotr Sikora <[email protected]>
05e8f36
to
91ae3c9
Compare
Signed-off-by: Piotr Sikora <[email protected]>
Since the version of BoringSSL that we use in FIPS prior to this PR is from mid-2018, I think it makes sense to backport it to the stable releases in order to enable TLS 1.3 there. Any objections @lambdai @mattklein123 @htuch @lizan? /backport |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
SGTM
/backport approve
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think backport is OK if you have a motivation from the Istio perspective and want to do the work. I don't think it's strictly needed, i.e. this isn't some security fix or concern with previously shipped functionality.
/lgtm v2-freeze |
Signed-off-by: Piotr Sikora <[email protected]> Signed-off-by: Kevin Baichoo <[email protected]>
Signed-off-by: Piotr Sikora <[email protected]> Signed-off-by: scheler <[email protected]>
Signed-off-by: Piotr Sikora [email protected]