tls: remove RSA key transport cipher suites from the defaults on the server-side #20862
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
/retest |
|
Retrying Azure Pipelines: |
ggreenway
requested changes
Apr 20, 2022
pradeepcrao
reviewed
Apr 21, 2022
|
CC @envoyproxy/api-shepherds: Your approval is needed for changes made to |
adisuissa
reviewed
Apr 25, 2022
|
LGTM, module comment and doc merge. /wait |
|
/retest |
|
Retrying Azure Pipelines: |
adisuissa
previously approved these changes
May 3, 2022
ggreenway
approved these changes
May 3, 2022
ggreenway
requested changes
May 3, 2022
PiotrSikora
reviewed
May 3, 2022
…server-side Signed-off-by: derekguo001 <[email protected]>
ggreenway
approved these changes
May 4, 2022
mum4k
pushed a commit
to envoyproxy/nighthawk
that referenced
this pull request
May 11, 2022
- Update bazel/repositories.bzl - Update .bazelrc. Uncommented platform_mappings override as it is necessary for nighthawk to build. - Update .bazelversion - Update stream_decoder with updated interface (envoyproxy/envoy#20367). Setting to nullptr is fine as an appropriate default is set if nullptr is passed. In addition, tracing is not a large concern for nighthawk. - Changes due to (envoyproxy/envoy#20862). Due to cipher deprecation, there is only 1 RSA and DSA cipher default left. As a result, to preserve testing coverage, the appropriate certs need to be loaded to the nighthawk instances to test multiple ciphers. As a result, created a new nighthawk configuration file and refactored integration tests. - Updated update process documentation to create PR as last step. - Temporarily disable the `clang-tidy` CI step until #849 gets resolved. Signed-off-by: tomjzzhang <[email protected]>
ravenblackx
pushed a commit
to ravenblackx/envoy
that referenced
this pull request
Jun 8, 2022
…server-side (envoyproxy#20862) Fixes envoyproxy#5399 Signed-off-by: derekguo001 <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
tls: remove RSA key transport cipher suites from the defaults on the server-side
Signed-off-by: derekguo001 [email protected]
Commit Message:
Additional Description:
Risk Level: Low
Testing: integration
Docs Changes: N/A
Release Notes: Added
Platform Specific Features:
[Optional Runtime guard:]
[Optional Fixes #Issue] Fixes #5399 and checks off one box for #5401
[Optional Fixes commit #PR or SHA]
[Optional Deprecated:]
[Optional API Considerations:]
@PiotrSikora @ggreenway @yanavlasov Please help to view it when you are available. Thanks!