[release-1.28] Enable TLSv1.2 for ZTunnel when in FIPS mode (#1596) #678
Closed
zmiklank wants to merge 1 commit into openshift-service-mesh:release-3.2 from
…osystem#1596)

* Enable TLSv1.2 for ZTunnel when in FIPS mode

This change builds on istio/ztunnel#1711 which adds TLSv1.2 support to ZTunnel when `TLS12_ENABLED` is set to `true`. This patch will always set the env var when in FIPS mode, for all versions of ZTunnel, even though it is only supported from 1.29+, but the env var will simply be ignored by versions that don't support it.

Signed-off-by: Daniel Grimm <dgrimm@redhat.com>

* Make sure that FipsEnabled is restored to original value

In our tests, we sometimes set FipsEnabled manually. We should make sure to reset it to its original value during test cleanup.

Signed-off-by: Daniel Grimm <dgrimm@redhat.com>

---------

Signed-off-by: Daniel Grimm <dgrimm@redhat.com>
@zmiklank any specific reason why we are pushing this PR directly in the midstream repo and not in the sail-operator?
@sridhargaddam Right, now I see I should have created it against the upstream repo. Sorry and thanks for catching this. I will close this PR and open a second one against the upstream.
This is the new PR: istio-ecosystem#1606
This change builds on istio/ztunnel#1711 which adds TLSv1.2 support to ZTunnel when `TLS12_ENABLED` is set to `true`. This patch will always set the env var when in FIPS mode, for all versions of ZTunnel, even though it is only supported from 1.29+, but the env var will simply be ignored by versions that don't support it.

In our tests, we sometimes set FipsEnabled manually. We should make sure to reset it to its original value during test cleanup.
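The two changes described in this PR, sketched as an added Go example; it is not the sail-operator's code and was not part of the PR. The helper names `applyZTunnelFIPS` and `overrideFIPS`, the top-level `env` key in the values map, and the sample `RUST_LOG` entry are assumptions made for illustration.

```go
package main

import "fmt"

// FipsEnabled mirrors the flag named in the PR; how it is detected is out of scope here.
var FipsEnabled bool

// applyZTunnelFIPS (hypothetical helper) returns a copy of the ZTunnel values
// with env.TLS12_ENABLED="true" whenever FIPS mode is on. The "env" key
// layout is an assumption of this sketch.
func applyZTunnelFIPS(values map[string]any) map[string]any {
	out := make(map[string]any, len(values)+1)
	for k, v := range values {
		out[k] = v
	}
	if !FipsEnabled {
		return out
	}
	env := map[string]any{}
	if old, ok := values["env"].(map[string]any); ok {
		for k, v := range old { // copy so the caller's map is not mutated
			env[k] = v
		}
	}
	// Always set in FIPS mode; per the PR, versions without support ignore it.
	env["TLS12_ENABLED"] = "true"
	out["env"] = env
	return out
}

// overrideFIPS (hypothetical helper) sets FipsEnabled for a test and returns
// the function to register with t.Cleanup so later tests see the original value.
func overrideFIPS(enabled bool) (restore func()) {
	orig := FipsEnabled
	FipsEnabled = enabled
	return func() { FipsEnabled = orig }
}

func main() {
	restore := overrideFIPS(true)
	// Constructed sample values, not taken from the PR.
	fmt.Println(applyZTunnelFIPS(map[string]any{"env": map[string]any{"RUST_LOG": "info"}}))
	restore()
	fmt.Println(applyZTunnelFIPS(map[string]any{}), FipsEnabled)
}
```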