Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

credentials: if not set, restrict to TLS v1.2+ and CipherSuites per RFC7540 #6776

Merged
merged 2 commits into from
Nov 15, 2023
Merged

credentials: if not set, restrict to TLS v1.2+ and CipherSuites per RFC7540 #6776

merged 2 commits into from
Nov 15, 2023

Conversation

dfawley
Copy link
Member

@dfawley dfawley commented Nov 8, 2023

Fixes #6758

cc @ejona86 FYI

RELEASE NOTES:

  • credentials: if not set, set TLS MinVersion to 1.2 and CipherSuites according to supported suites not forbidden by RFC7540. This is a behavior change to bring us into better alignment with RFC 7540.

@dfawley dfawley added the Type: Security A bug or other problem affecting security label Nov 8, 2023
@dfawley dfawley added this to the 1.60 Release milestone Nov 8, 2023
@dfawley dfawley requested a review from ginayeh November 8, 2023 19:38
@codecov Codecov
Copy link

codecov bot commented Nov 8, 2023
edited
Loading

Codecov Report

Merging #6776 (aa13a32) into master (482de22) will increase coverage by 0.02%.
Report is 8 commits behind head on master.
The diff coverage is 100.00%.

Additional details and impacted files 
@@            Coverage Diff             @@
##           master    #6776      +/-   ##
==========================================
+ Coverage   83.40%   83.43%   +0.02%     
==========================================
  Files         285      285              
  Lines       30966    30969       +3     
==========================================
+ Hits        25828    25838      +10     
+ Misses       4068     4056      -12     
- Partials     1070     1075       +5
Files Coverage Δ
credentials/tls.go 80.00% <100.00%> (+2.01%) ⬆️

... and 17 files with indirect coverage changes

@arvindbr8 arvindbr8 modified the milestones: 1.60 Release, 1.61 Release Nov 14, 2023
ginayeh
ginayeh approved these changes Nov 15, 2023
View reviewed changes
Copy link
Contributor

@ginayeh ginayeh left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

you might want to check the spelling suggestion from vet before merging

@dfawley dfawley merged commit 424db25 into grpc:master Nov 15, 2023
14 checks passed
@dfawley dfawley deleted the tlsminver branch November 15, 2023 15:10
@dfawley dfawley modified the milestones: 1.61 Release, 1.60 Release Nov 15, 2023
dfawley added a commit to dfawley/grpc-go that referenced this pull request Nov 15, 2023
@dfawley
credentials: if not set, restrict to TLS v1.2+ and CipherSuites per R…
e77aa24 
…FC7540 (grpc#6776)
@dfawley dfawley mentioned this pull request Nov 15, 2023
Merged
@karimra karimra mentioned this pull request Feb 1, 2024
Closed
@github-actions github-actions bot locked as resolved and limited conversation to collaborators May 14, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@ginayeh ginayeh ginayeh approved these changes

Assignees

@ginayeh ginayeh

Labels
Type: Security A bug or other problem affecting security
Projects
None yet
Milestone
1.60 Release
Development

Successfully merging this pull request may close these issues.

GRPC Server allows usage of TLS1.0 for HTTP/2 protocol
3 participants
@dfawley @ginayeh @arvindbr8