Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Remove RSA key transport from the defaults on the server-side #5399

Closed
PiotrSikora opened this issue Dec 22, 2018 · 0 comments · Fixed by #20862
Closed

Remove RSA key transport from the defaults on the server-side #5399

PiotrSikora opened this issue Dec 22, 2018 · 0 comments · Fixed by #20862
Labels

Comments

@PiotrSikora
Copy link
Contributor

This is the intent to remove RSA key transport (i.e. AES128-GCM-SHA256, AES128-SHA, AES256-GCM-SHA384 and AES256-SHA) from the default cipher suites on the server-side.

This change will affect your deployment if it's using default cipher suites (i.e. not configuring cipher_suites) and it's accepting incoming connections using those cipher suites:

$ curl -s localhost:9901/stats | grep -E "^listener.*.ssl.ciphers.AES"
listener.<address>.ssl.ciphers.AES128-GCM-SHA256: 1
listener.<address>.ssl.ciphers.AES128-SHA: 1
listener.<address>.ssl.ciphers.AES256-GCM-SHA384: 1
listener.<address>.ssl.ciphers.AES256-SHA: 1

(This works only with Envoy v1.9.0 and newer)

ETA: 1.14 (i.e. ~mid 2020)

@mattklein123 mattklein123 added area/tls no stalebot Disables stalebot from closing an issue labels Dec 24, 2018
@PiotrSikora PiotrSikora changed the title Deprecate RSA key transport on the server-side Remove RSA key transport from the defaults on the server-side Jan 3, 2019
@mattklein123 mattklein123 added help wanted Needs help! and removed no stalebot Disables stalebot from closing an issue labels Jan 15, 2021
ggreenway pushed a commit that referenced this issue May 4, 2022
ravenblackx pushed a commit to ravenblackx/envoy that referenced this issue Jun 8, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

Successfully merging a pull request may close this issue.

2 participants