-
Notifications
You must be signed in to change notification settings - Fork 4.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
http2 enabled and ciphers changed to get an A+ rating instead of B fr… #16990
http2 enabled and ciphers changed to get an A+ rating instead of B fr… #16990
Conversation
We may have concerns during ssl handshake phase if the cipher changed. Could you please make this config as optional in addition to the default behavior as it is? |
This PR is being marked stale due to a period of inactivty. If this PR is still relevant, please comment or remove the stale label. Otherwise, this PR will close in 30 days. |
This PR is being marked stale due to a period of inactivty. If this PR is still relevant, please comment or remove the stale label. Otherwise, this PR will close in 30 days. |
@zyyw @wy65701436 @mcsage is that still valid ? |
Signed-off-by: Stephan Hohn <[email protected]>
44bc1a3
to
a94fe7d
Compare
Signed-off-by: Stephan Hohn <[email protected]>
Signed-off-by: Stephan Hohn <[email protected]>
I think it's still valid. I made it optional. |
@YangJiao0817 please help to test it, cc @stonezdj |
@zyyw @MinerYang Should this be considered a Helm impact? If so, I would prefer to include it in version 2.9. |
Codecov Report
@@ Coverage Diff @@
## main #16990 +/- ##
==========================================
+ Coverage 67.24% 67.38% +0.13%
==========================================
Files 980 980
Lines 106749 106749
Branches 2665 2665
==========================================
+ Hits 71787 71932 +145
+ Misses 31112 30948 -164
- Partials 3850 3869 +19
Flags with carried forward coverage won't be shown. Click here to find out more. |
Link to issue #16367 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
lgtm
We probably need consider the changes in the nginx /nginx.https.conf.jinja not just portal/nginx.conf.jinja |
Will submit another follow-up PR to add in nginx /nginx.https.conf.jinja as well as take care of the prepare migration part |
@mcsage great to see that merged :) congrats :) and welcome to the club! |
goharbor#16990) * Make strong cipher cfg optional Signed-off-by: Stephan Hohn <[email protected]> --------- Signed-off-by: Stephan Hohn <[email protected]> Signed-off-by: MinerYang <[email protected]> Co-authored-by: Stephan Hohn <[email protected]> Co-authored-by: Wang Yan <[email protected]> Co-authored-by: MinerYang <[email protected]> Signed-off-by: Wilfred Almeida <[email protected]>
goharbor#16990) * Make strong cipher cfg optional Signed-off-by: Stephan Hohn <[email protected]> --------- Signed-off-by: Stephan Hohn <[email protected]> Signed-off-by: MinerYang <[email protected]> Co-authored-by: Stephan Hohn <[email protected]> Co-authored-by: Wang Yan <[email protected]> Co-authored-by: MinerYang <[email protected]>
http2 enabled and ciphers changed to get an A+ rating instead of B from ssllabs
Thank you for contributing to Harbor!
Comprehensive Summary of your change
Issue being fixed
Fixes #(issue)
Please indicate you've done the following: