Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Deprecate TLS v1.1, change ciphers #388

Merged
merged 3 commits into from
Jan 2, 2025
Merged

Deprecate TLS v1.1, change ciphers #388

merged 3 commits into from
Jan 2, 2025
+4 −4

Conversation

hweawer
Copy link
Collaborator

@hweawer hweawer commented Dec 20, 2024

What

Deprecating TLS v1.1, remove ciphers. Affects all the Kraken services.

Why

Mitigating vulnerabilities that were found with the security checks.

| tlsv1_0-enabled                                 | TLS Server Supports TLS version 1-0                         |
| ssl-cve-2011-3389-beast                         | TLS-SSL Server is enabling the BEAST attack                 |
| ssl-weak-message-authentication-code-algorithms | TLS-SSL Weak Message Authentication Code Cipher Suites      |

How

Changing nginx configs. Tested that pulling works in a devzone.

@hweawer hweawer self-assigned this Dec 20, 2024
@CLAassistant
Copy link

CLAassistant commented Dec 20, 2024
edited
Loading

CLA assistant check
All committers have signed the CLA.

gkeesh7
gkeesh7 approved these changes Dec 24, 2024
View reviewed changes
Copy link
Collaborator

@gkeesh7 gkeesh7 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for doing this. One comment rest LGTM.

nginx/config/base.go Outdated Show resolved Hide resolved
@gkeesh7
Copy link
Collaborator

gkeesh7 commented Jan 2, 2025

LGTM @hweawer Please go ahead an merge

@hweawer hweawer merged commit e757d98 into master Jan 2, 2025
5 checks passed
@hweawer hweawer deleted the FOUNDSEC-648 branch January 2, 2025 10:24
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@gkeesh7 gkeesh7 gkeesh7 approved these changes

@MKrupauskas MKrupauskas MKrupauskas approved these changes

@Anton-Kalpakchiev Anton-Kalpakchiev Awaiting requested review from Anton-Kalpakchiev

Assignees

@hweawer hweawer

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@hweawer @CLAassistant @gkeesh7 @MKrupauskas