Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore(infra): Update HTTP/HTTPS listener SSL policy #1049

Merged
merged 1 commit into from
Jul 28, 2022
Merged

chore(infra): Update HTTP/HTTPS listener SSL policy #1049

merged 1 commit into from
Jul 28, 2022

Conversation

DafyddLlyr
Copy link
Contributor

@DafyddLlyr DafyddLlyr commented Jul 28, 2022
edited
Loading

To test
Currently staging and production environments for API/Hasura/Metabase/ShareDB allow a handshake using TLS1.0 & TLS1.2.

This can be done with openssl s_client -connect {DOMAIN}:443 -tls{VERSION}, e.g. openssl s_client -connect hasura.editor.planx.dev:443 -tls1_1 and openssl s_client -connect hasura.editor.planx.dev:443 -tls1

Once merged to staging, I'd expect the two above commands to return an error - handshake failed.

@DafyddLlyr
chore(infra): Update HTTP/HTTPS listener SSL policy
a5f2718 
- New policy should exclude TLS1.1 and TLS1.2
@DafyddLlyr DafyddLlyr requested a review from a team July 28, 2022 15:17
@DafyddLlyr
Copy link
Contributor Author

Fix "SSL/TLS Vulnerabilities"

jessicamcinchak
jessicamcinchak approved these changes Jul 28, 2022
View reviewed changes
Copy link
Member

@jessicamcinchak jessicamcinchak left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This looks good - thanks for super thorough description on this one!

@github-actions
Copy link

github-actions bot commented Jul 28, 2022
edited
Loading

Removed vultr server and associated DNS entries

@DafyddLlyr DafyddLlyr merged commit f958274 into main Jul 28, 2022
@DafyddLlyr DafyddLlyr deleted the dp/infra-update-fargate-ssl-policy branch July 28, 2022 15:40
@DafyddLlyr DafyddLlyr mentioned this pull request Jul 28, 2022
Merged
gunar added a commit that referenced this pull request Jul 28, 2022
@gunar
Merge remote-tracking branch 'origin/main' into g/front-end-custom-do…
33f9481 
…mains

# By Jessica McInchak (11) and Dafydd Llŷr Pearson (10)
# Via GitHub
* origin/main: (21 commits)
  chore: Upgrade Editor dependencies (Part 1) (#1047)
  chore: upgrade metabase (#1050)
  fix: Drop sslPolicy for HTTP (#1051)
  chore(infra): Update HTTP/HTTPS listener SSL policy (#1049)
  chore: Enable Save and Return by default (#1048)
  fix: add single line address as separate CSV row (#1046)
  feat: Enable emailReplyToID (#1044)
  fix: Display ContentPage on Save and Return path (#1045)
  chore: upgrade scripts/seed-database dependencies (#1043)
  chore: upgrade e2e test dependencies (#1042)
  fix: adjust HASURA_GRAPHQL_CORS_DOMAIN in pulumi (#1041)
  fix: preserve breadcrumb order when reconciling changed content (#1034)
  fix: restrict a user from drawing a site boundary and uploading a location plan (#1040)
  feat: Apply basic rate limiting to API (#1038)
  fix: use HASURA_GRAPHQL_CORS_DOMAIN env variable to whitelist domains (#1039)
  fix: Downgrade passport back to 0.5.3 (#1037)
  chore: Update Hasura (#1035)
  build: Upgrade API dependencies (#1033)
  chore: remove Uniform feature flag (#1027)
  fix: Review page shows all DrawBoundary data (map and/or plan) and file gets correct BOPS tag (#1030)
  ...

# Conflicts:
#	editor.planx.uk/package.json
#	editor.planx.uk/pnpm-lock.yaml
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jessicamcinchak jessicamcinchak jessicamcinchak approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@DafyddLlyr @jessicamcinchak