Skip to content

fix: remove deprecated default cipher for golang >=1.22#17569

Merged
alexmt merged 3 commits intoargoproj:masterfrom
joshrwolf:tls-ciphers
Apr 17, 2024
Merged

fix: remove deprecated default cipher for golang >=1.22#17569
alexmt merged 3 commits intoargoproj:masterfrom
joshrwolf:tls-ciphers

Conversation

@joshrwolf
Copy link
Contributor

@joshrwolf joshrwolf commented Mar 19, 2024
edited
Loading

Closes #17571

newer versions of go remove the TLS_RSA_WITH_AES_256_GCM_SHA384 as an available cipher.

this PR simply removes it in favor of the existing default TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, which remains a valid default option for the existing go toolchain version, and future ones

Checklist:

  • [] Either (a) I've created an enhancement proposal and discussed it with the community, (b) this is a bug fix, or (c) this does not need to be in the release notes.
  • The title of the PR states what changed and the related issues number (used for the release note).
  • The title of the PR conforms to the Toolchain Guide
  • I've included "Closes [ISSUE #]" or "Fixes [ISSUE #]" in the description to automatically close the associated issue.
  • I've updated both the CLI and UI to expose my feature, or I plan to submit a second PR with them.
  • Does this PR require documentation updates?
  • I've updated documentation as required by this PR.
  • I have signed off all my commits as required by DCO
  • I have written unit and/or e2e tests for my change. PRs without these are unlikely to be merged.
  • My build is green (troubleshooting builds).
  • My new feature complies with the feature status guidelines.
  • I have added a brief description of why this PR is necessary and/or what this PR solves.
  • Optional. My organization is added to USERS.md.
  • Optional. For bug fixes, I've indicated what older releases this fix should be cherry-picked into (this may or may not happen depending on risk/complexity).

@joshrwolf joshrwolf requested a review from a team as a code owner March 19, 2024 15:12
@joshrwolf
remove deprecated default cipher
df23831 
Signed-off-by: Josh Wolf <josh@wolfs.io>
@joshrwolf joshrwolf mentioned this pull request Mar 19, 2024
Closed
@blakepettersson
Copy link
Member

blakepettersson commented Mar 21, 2024

Have you run make codegen? Which versions of Go does this apply for BTW?

@blakepettersson blakepettersson changed the title remove deprecated default cipher fix: remove deprecated default cipher for newer golang versions Mar 21, 2024
@blakepettersson
Copy link
Member

blakepettersson commented Mar 21, 2024

I see, golang/go#63413

@blakepettersson blakepettersson changed the title fix: remove deprecated default cipher for newer golang versions fix: remove deprecated default cipher for golang >=1.22 Mar 21, 2024
@blakepettersson
Copy link
Member

blakepettersson commented Apr 3, 2024

@joshrwolf I'll mark this PR as a draft until you run make codegen-local on your machine and commit those changes.

@blakepettersson blakepettersson marked this pull request as draft April 3, 2024 19:19
This was referenced Apr 5, 2024
Closed
Merged
@agaudreault
Copy link
Member

agaudreault commented Apr 9, 2024

FYI, I had go 1.22 installed and running the codegen locally gave me errors with packages downloaded with go 1.22. After installing 1.21, re-downloading all the local toolings in dist/, I don't have the error anymore. Not sure if there is a bigger issue on upgrading argo to 1.22, but this might affect you.

See kubernetes-sigs/controller-tools#888

+ ./dist/gen-crd-spec
panic: runtime error: invalid memory address or nil pointer dereference [recovered]
        panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x2 addr=0x0 pc=0x100ef4450]

Ref: kubernetes-sigs/controller-tools#888

@alexmt
regenerate CLI docs
e5e490a 
Signed-off-by: Alexander Matyushentsev <AMatyushentsev@gmail.com>
@alexmt
Copy link
Collaborator

alexmt commented Apr 17, 2024

I took the liberty, run codegen and pushed changes to the branch (make clidocsgen to regenerate docs only)

@alexmt alexmt marked this pull request as ready for review April 17, 2024 18:47
@alexmt alexmt requested a review from a team as a code owner April 17, 2024 18:47
alexmt
alexmt approved these changes Apr 17, 2024
View reviewed changes
Copy link
Collaborator

@alexmt alexmt left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@alexmt alexmt enabled auto-merge (squash) April 17, 2024 18:53
@alexmt alexmt merged commit b867c9e into argoproj:master Apr 17, 2024
@developer-guy developer-guy mentioned this pull request Apr 26, 2024
Merged
11 tasks
@leoluz leoluz mentioned this pull request May 6, 2024
Closed
3 tasks
@blakepettersson blakepettersson mentioned this pull request May 9, 2024
Open
mkieweg pushed a commit to mkieweg/argo-cd that referenced this pull request Jun 11, 2024
@joshrwolf @jannfis
@alexmt @mkieweg
fix: remove deprecated default cipher for golang >=1.22 (argoproj#17569)
7d9e797 
* remove deprecated default cipher

Signed-off-by: Josh Wolf <josh@wolfs.io>

* regenerate CLI docs

Signed-off-by: Alexander Matyushentsev <AMatyushentsev@gmail.com>

---------

Signed-off-by: Josh Wolf <josh@wolfs.io>
Signed-off-by: Alexander Matyushentsev <AMatyushentsev@gmail.com>
Co-authored-by: Jann Fischer <jann@mistrust.net>
Co-authored-by: Alexander Matyushentsev <AMatyushentsev@gmail.com>
Hariharasuthan99 pushed a commit to AmadeusITGroup/argo-cd that referenced this pull request Jun 16, 2024
@joshrwolf @jannfis
@alexmt @Hariharasuthan99
fix: remove deprecated default cipher for golang >=1.22 (argoproj#17569)
81d2e14 
* remove deprecated default cipher

Signed-off-by: Josh Wolf <josh@wolfs.io>

* regenerate CLI docs

Signed-off-by: Alexander Matyushentsev <AMatyushentsev@gmail.com>

---------

Signed-off-by: Josh Wolf <josh@wolfs.io>
Signed-off-by: Alexander Matyushentsev <AMatyushentsev@gmail.com>
Co-authored-by: Jann Fischer <jann@mistrust.net>
Co-authored-by: Alexander Matyushentsev <AMatyushentsev@gmail.com>
@ashinsabu3
Copy link
Contributor

ashinsabu3 commented Jun 19, 2024

Is this there in any released versions yet? @alexmt

@blakepettersson
Copy link
Member

blakepettersson commented Jun 19, 2024
edited
Loading

This is slated for 2.12; there's an RC out for it now.

@xlanor xlanor mentioned this pull request Nov 30, 2024
Merged
14 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@alexmt alexmt alexmt approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Default cipher values are invalid for newer versions of go.

6 participants

@joshrwolf @blakepettersson @agaudreault @alexmt @ashinsabu3 @jannfis