Skip to content

[release-1.29] Add tls12 support#1819

Open
chinaran wants to merge 2 commits intoistio:release-1.29from
chinaran:fix-1.29/add-tls12-support
Open

[release-1.29] Add tls12 support#1819
chinaran wants to merge 2 commits intoistio:release-1.29from
chinaran:fix-1.29/add-tls12-support

Conversation

@chinaran
Copy link
Copy Markdown

@chinaran chinaran commented Mar 31, 2026

dgn added 2 commits March 31, 2026 14:33
@dgn @chinaran
add support for TLSv1.2
6440669 
by setting `TLS12_ENABLED` to `true`, ztunnel will negotiate TLSv1.2 or
1.3.

Fixes istio#1296 until we have FIPS-140-3 support in istiod.
@dgn @chinaran
fix TLSv1.2 support by adding missing ciphersuites (istio#1779)
a0a2cea 
It turns out that Istio's SPIFFE certs use ECDSA certificates, which
only became a problem once I started testing against waypoint proxies.
This adds the missing CipherSuites (which are still FIPS-compliant of
course) to unblock Waypoint->ZTunnel communication.
@chinaran chinaran requested a review from a team as a code owner March 31, 2026 06:34
@istio-testing istio-testing added the size/M Denotes a PR that changes 30-99 lines, ignoring generated files. label Mar 31, 2026
@istio-testing
Copy link
Copy Markdown
Contributor

istio-testing commented Mar 31, 2026

Hi @chinaran. Thanks for your PR.

I'm waiting for a istio member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work.

Tip

We noticed you've done this a few times! Consider joining the org to skip this step and gain /lgtm and other bot rights. We recommend asking approvers on your previous PRs to sponsor you.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

needs-ok-to-test size/M Denotes a PR that changes 30-99 lines, ignoring generated files.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@chinaran @istio-testing @dgn