From 81cebf6b12b13f490cc0ff8c77abaaffc7ef590f Mon Sep 17 00:00:00 2001 From: derekguo001 Date: Fri, 13 May 2022 09:50:44 +0800 Subject: [PATCH] doc: Remove SHA-1 cipher suites from the defaults on the server-side (#21240) Related PR: https://github.com/envoyproxy/envoy/pull/20643 Signed-off-by: derekguo001 --- .../extensions/transport_sockets/tls/v3/common.proto | 8 -------- 1 file changed, 8 deletions(-) diff --git a/api/envoy/extensions/transport_sockets/tls/v3/common.proto b/api/envoy/extensions/transport_sockets/tls/v3/common.proto index 5fb8f1c89b4f..d38d4edf911e 100644 --- a/api/envoy/extensions/transport_sockets/tls/v3/common.proto +++ b/api/envoy/extensions/transport_sockets/tls/v3/common.proto @@ -66,12 +66,8 @@ message TlsParameters { // // [ECDHE-ECDSA-AES128-GCM-SHA256|ECDHE-ECDSA-CHACHA20-POLY1305] // [ECDHE-RSA-AES128-GCM-SHA256|ECDHE-RSA-CHACHA20-POLY1305] - // ECDHE-ECDSA-AES128-SHA - // ECDHE-RSA-AES128-SHA // ECDHE-ECDSA-AES256-GCM-SHA384 // ECDHE-RSA-AES256-GCM-SHA384 - // ECDHE-ECDSA-AES256-SHA - // ECDHE-RSA-AES256-SHA // // In builds using :ref:`BoringSSL FIPS `, the default server cipher list is: // @@ -79,12 +75,8 @@ message TlsParameters { // // ECDHE-ECDSA-AES128-GCM-SHA256 // ECDHE-RSA-AES128-GCM-SHA256 - // ECDHE-ECDSA-AES128-SHA - // ECDHE-RSA-AES128-SHA // ECDHE-ECDSA-AES256-GCM-SHA384 // ECDHE-RSA-AES256-GCM-SHA384 - // ECDHE-ECDSA-AES256-SHA - // ECDHE-RSA-AES256-SHA // // In non-FIPS builds, the default client cipher list is: //