-
Notifications
You must be signed in to change notification settings - Fork 17
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Explicitly set MinVersion of TLS #135
Explicitly set MinVersion of TLS #135
Conversation
Skipping CI for Draft Pull Request. |
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: clobrano The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
/test 4.13-openshift-e2e |
Testing with my cluster I am seeing some problems |
but not with |
/test 4.14-openshift-e2e |
test passed also in my local cluster /unhold |
I might be misunderstanding but I think it might be relevant here (see below - credentials.go L18-22) as well
Also since it's being used in couple of places, maybe keep a global const with the version ? |
Interesting, these two haven't been found by the scanner |
nevermind, at least one of them have been found by the scanner, my bad |
715d618
to
77c8dc4
Compare
/retest |
Currently, the default MinVersion value for TLS configuration is used, which is TLS1.0 and considered insecure. Explicitly set the MinVersion to a secure version of TLS. closes: https://issues.redhat.com/browse/ECOPROJECT-1419 Signed-off-by: Carlo Lobrano <[email protected]>
77c8dc4
to
968cd10
Compare
/retest |
2 similar comments
/retest |
/retest |
/lgtm |
/unhold |
/retest |
4 similar comments
/retest |
/retest |
/retest |
/retest |
I wonder if there is something that is making this test fail. I reproduce the failure also in my cluster (and the same test on the same cluster passes without the change of this PR), but I was waiting for FF to have a deeper analysis |
Currently, the default MinVersion value for TLS configuration is used,
which is TLS1.0 and considered insecure.
Explicitly set the MinVersion to a secure version of TLS.
closes: https://issues.redhat.com/browse/ECOPROJECT-1419
Signed-off-by: Carlo Lobrano [email protected]