Enable TLSv1.3 by default

Fix for 049b25e566 which mistakenly only updated documentation.
2020-05-02 13:29:27 +02:00 · 2020-05-02 13:29:27 +02:00 · 639a8c7871
commit 639a8c7871
parent 0e785a0bf2
2 changed files with 5 additions and 2 deletions
--- a/internal/ingress/controller/config/config.go
+++ b/internal/ingress/controller/config/config.go
@ -70,7 +70,7 @@ const (

 	// SSL enabled protocols to use
 	// http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_protocols
-	sslProtocols = "TLSv1.2"
+	sslProtocols = "TLSv1.2 TLSv1.3"

 	// Disable TLS 1.3 early data
 	// http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_early_data
--- a/test/e2e/settings/tls.go
+++ b/test/e2e/settings/tls.go
@ -64,7 +64,10 @@ var _ = framework.DescribeSetting("[SSL] TLS protocols, ciphers and headers)", f
 		})

 		ginkgo.It("setting cipher suite", func() {
-			f.UpdateNginxConfigMapData(sslCiphers, testCiphers)
+			f.SetNginxConfigMapData(map[string]string{
+				sslCiphers:   testCiphers,
+				sslProtocols: "TLSv1.2",
+			})

 			f.WaitForNginxConfiguration(
 				func(cfg string) bool {