Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

e2e tests for min/max TLS protocol version and cipher suite #9104

Closed
ijsnellf opened this issue Oct 2, 2018 · 9 comments
Closed

e2e tests for min/max TLS protocol version and cipher suite #9104

ijsnellf opened this issue Oct 2, 2018 · 9 comments
Labels
area/networking area/security area/test and release lifecycle/automatically-closed Indicates a PR or issue that has been closed automatically. lifecycle/stale Indicates a PR or issue hasn't been manipulated by an Istio team member for a while
Milestone
1.5

Comments

@ijsnellf
Copy link
Contributor

ijsnellf commented Oct 2, 2018
edited
Loading

There are no e2e tests for min/max TLS protocol version and cipher suite. See istio/api#645 and #9103

Go doesn't seem to have an easy way to use an older version of TLS so we can easily test this.
@stale
Copy link

stale bot commented Dec 31, 2018

This issue has been automatically marked as stale because it has not had activity in the last 90 days. It will be closed in the next 30 days unless it is tagged "help wanted" or other activity occurs. Thank you for your contributions.

@stale stale bot added the stale label Dec 31, 2018
@PiotrSikora
Copy link
Contributor

You should be able to use tls.Config to set min/max protocol versions in Go, e.g.

cfg := &tls.Config{
    MinVersion:    tls.VersionTLS10,
    MaxVersion:    tls.VersionTLS11,
}

conn, err := tls.Dial("tcp", "127.0.0.1:443", cfg)
if err != nil {
    ...
}
defer conn.Close()

Background: I'm in process of modernizing TLS defaults in Envoy, so it would be great to make sure that configuring TLS protocol versions in Istio works, so that users can re-enable older protocols if needed.

@stale stale bot removed the stale label Jan 3, 2019
@PiotrSikora
Copy link
Contributor

@ijsnellf any chance this could make it before 1.1? Thanks!

@iftachsc
Copy link

+1. when is this expected to be out? thanks.

@stale
Copy link

stale bot commented May 27, 2019

This issue has been automatically marked as stale because it has not had activity in the last 90 days. It will be closed in the next 30 days unless it is tagged "help wanted" or other activity occurs. Thank you for your contributions.

@stale stale bot added the stale label May 27, 2019
@stale
Copy link

stale bot commented Jun 26, 2019

This issue has been automatically closed because it has not had activity in the last month and a half. If this issue is still valid, please ping a maintainer and ask them to label it as "help wanted". Thank you for your contributions.

@stale stale bot closed this as completed Jun 26, 2019
@PiotrSikora PiotrSikora reopened this Jun 27, 2019
@stale stale bot removed the stale label Jun 27, 2019
@myidpt
Copy link
Contributor

myidpt commented Aug 4, 2019

This is a nice to have test, but not high priority in the short term. I added "help wanted". It would be great if someone from community can help out.

@howardjohn howardjohn added this to the Nebulous Future milestone Sep 13, 2019
@istio-policy-bot istio-policy-bot added the lifecycle/stale Indicates a PR or issue hasn't been manipulated by an Istio team member for a while label Nov 6, 2019
@PiotrSikora
Copy link
Contributor

This would be good to add since upstream changed defaults (removed TLS 1.0 and TLS 1.1 from client-side defaults), so not having this might bite us in 1.5.

@istio-policy-bot istio-policy-bot removed the lifecycle/stale Indicates a PR or issue hasn't been manipulated by an Istio team member for a while label Nov 14, 2019
@PiotrSikora PiotrSikora modified the milestones: Nebulous Future, 1.5 Nov 14, 2019
@istio-policy-bot istio-policy-bot added the lifecycle/stale Indicates a PR or issue hasn't been manipulated by an Istio team member for a while label Feb 12, 2020
@istio-policy-bot
Copy link

🚧 This issue or pull request has been closed due to not having had activity from an Istio team member since 2019-11-14. If you feel this issue or pull request deserves attention, please reopen the issue. Please see this wiki page for more information. Thank you for your contributions.

Created by the issue and PR lifecycle manager.

@istio-policy-bot istio-policy-bot added the lifecycle/automatically-closed Indicates a PR or issue that has been closed automatically. label Feb 27, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
area/networking area/security area/test and release lifecycle/automatically-closed Indicates a PR or issue that has been closed automatically. lifecycle/stale Indicates a PR or issue hasn't been manipulated by an Istio team member for a while
Projects
None yet
Milestone
1.5
Development

No branches or pull requests
7 participants
@myidpt @PiotrSikora @howardjohn @ijsnellf @JimmyCYJ @iftachsc @istio-policy-bot