Automatically set tls_maximum_protocol_version to opt in to TLS 1.3 #672
Comments
davecheney
added
help wanted
davecheney
changed the title
|
Thank you for raising this issue. I'll schedule this for 0.7; we'll need to upgrade our envoy dependency to 1.7.x first. For anyone looking to address this issue, the tls_maximum_protocol_version configuration field should be set unconditionally. Please do not make this configurable. |
davecheney
added
the
kind/feature
|
How should that condition look like? Just annotation to enable TLS 1.3? I might try doing that myself, once envoy is updated. |
Yup, look at the function |
So that TLS 1.3 is just always on? |
Yes, we'll unconditionally raise the maximum supported TLS version from 1.2 to 1.3. |
|
Okay just tell me when you are done with 1.7.x and I will start try around with go |
|
@cromefire the blocking issues have been resolved. You're welcome to work on this for 0.7 which will go into free in the last week of October. |
|
Allright, it would be nice if you could assign, so so I don't loose track of it |
|
I tried but github won't let me.
…On 8 October 2018 at 16:03, Cromefire_ ***@***.***> wrote:
Allright, it would be nice if you could assign, so so I don't loose track
of it
—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub
<#672 (comment)>, or mute
the thread
<https://github.com/notifications/unsubscribe-auth/AAAcA6_iz3wZcOUOz_3Eb_lr0_IUmtrZks5uityUgaJpZM4WkOWZ>
.
|
|
I gave up due to problems with the sign off constraint and go (and godep) being bad at being user friendly. So if some one else want's to look at it, the solutions are the but I'm unable to commit them without trying again and again. |
Please add support for the
tls_maximum_protocol_versionenvoy api parameter (like you do fortls_minimum_protocol_version) to allow users to opt in to TLS 1.3. See envoyproxy/envoy#3544.The text was updated successfully, but these errors were encountered: