Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Remove TLS 1.0 and 1.1 from the defaults on the server-side #5398

Closed
PiotrSikora opened this issue Dec 22, 2018 · 3 comments
Closed

Remove TLS 1.0 and 1.1 from the defaults on the server-side #5398

PiotrSikora opened this issue Dec 22, 2018 · 3 comments
Labels
area/tls help wanted Needs help!

Comments

@PiotrSikora
Copy link
Contributor

This is the intent to remove TLS 1.0 and 1.1 from the default TLS protocols on the server-side.

This change will affect your deployment if it's using default minimum TLS protocol version (i.e. not configuring tls_minimum_protocol_version) and it's accepting incoming TLS 1.0 or 1.1 connections:

$ curl -s localhost:9901/stats | grep -E "^listener.*.ssl.versions.TLSv(1|1.1):"
listener.<address>.ssl.versions.TLSv1: 1
listener.<address>.ssl.versions.TLSv1.1: 1

(This works only with Envoy v1.9.0 and newer)

ETA: 1.13 (i.e. early 2020)
@PiotrSikora PiotrSikora mentioned this issue Dec 22, 2018
Open
11 tasks
@mattklein123 mattklein123 added area/tls no stalebot Disables stalebot from closing an issue labels Dec 24, 2018
@PiotrSikora PiotrSikora changed the title Deprecate TLS 1.0 and 1.1 on the server-side Remove TLS 1.0 and 1.1 from the defaults on the server-side Jan 3, 2019
@mattklein123 mattklein123 added help wanted Needs help! and removed no stalebot Disables stalebot from closing an issue labels Jan 15, 2021
@derekguo001 derekguo001 mentioned this issue Dec 21, 2021
Merged
@derekguo001
Copy link

/assign derekguo001

@repokitteh-read-only
Copy link

derekguo001 is not allowed to assign users.

🐱

Caused by: a #5398 (comment) was created by @derekguo001.

see: more, trace.

@ggreenway
Copy link
Contributor

Fixed in #19330

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
area/tls help wanted Needs help!
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@PiotrSikora @mattklein123 @ggreenway @derekguo001