DevFW-CICD/ingress-nginx-helm
14
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Enable TLSv1.3 by default

Browse source 
Fix for 049b25e566 which mistakenly only
updated documentation.
This commit is contained in:
Mark Janssen 2020-05-02 13:29:27 +02:00
parent 0e785a0bf2
commit 639a8c7871
2 changed files with 5 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
internal/ingress/controller/config/config.go
View file

@ -70,7 +70,7 @@ const (
// SSL enabled protocols to use // SSL enabled protocols to use
// http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_protocols // http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_protocols
sslProtocols = "TLSv1.2" sslProtocols = "TLSv1.2 TLSv1.3"
// Disable TLS 1.3 early data // Disable TLS 1.3 early data
// http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_early_data // http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_early_data

5
test/e2e/settings/tls.go
View file

@ -64,7 +64,10 @@ var _ = framework.DescribeSetting("[SSL] TLS protocols, ciphers and headers)", f
}) })
ginkgo.It("setting cipher suite", func() { ginkgo.It("setting cipher suite", func() {
f.UpdateNginxConfigMapData(sslCiphers, testCiphers) f.SetNginxConfigMapData(map[string]string{
sslCiphers: testCiphers,
sslProtocols: "TLSv1.2",
})
f.WaitForNginxConfiguration( f.WaitForNginxConfiguration(
func(cfg string) bool { func(cfg string) bool {