Skip to content

tls: remove SHA-1 cipher suites from the defaults on the server-side#20643

Merged
wrowe merged 1 commit intoenvoyproxy:mainfrom
derekguo001:remove-sha1-cipher-suite
Apr 16, 2022
Merged

tls: remove SHA-1 cipher suites from the defaults on the server-side#20643
wrowe merged 1 commit intoenvoyproxy:mainfrom
derekguo001:remove-sha1-cipher-suite

Conversation

@derekguo001
Copy link
Copy Markdown

@derekguo001 derekguo001 commented Apr 2, 2022

Signed-off-by: derekguo001 dong.guo@intel.com

Commit Message: tls: remove SHA-1 cipher suites from the defaults on the server-side
Additional Description:
Risk Level:
Testing:
Docs Changes:
Release Notes: tls: remove SHA-1 cipher suites from the defaults on the server-side
Platform Specific Features:
[Optional Runtime guard:]
[Optional Fixes #Issue] #5400
[Optional Fixes commit #PR or SHA]
[Optional Deprecated:]
[Optional API Considerations:]

@derekguo001
Copy link
Copy Markdown
Author

derekguo001 commented Apr 3, 2022

/retest

@repokitteh-read-only
Copy link
Copy Markdown

repokitteh-read-only bot commented Apr 3, 2022

Retrying Azure Pipelines:
Retried failed jobs in: envoy-presubmit

🐱

Caused by: a #20643 (comment) was created by @derekguo001.

see: more, trace.

@wrowe
Copy link
Copy Markdown
Contributor

wrowe commented Apr 6, 2022

Per #5401 - @PiotrSikora can you confirm it's time to land this deprecation, and that the changes entry is sufficient?

@wrowe wrowe requested a review from PiotrSikora April 6, 2022 00:38
@wrowe wrowe self-assigned this Apr 6, 2022
PiotrSikora
PiotrSikora previously approved these changes Apr 6, 2022
View reviewed changes
Copy link
Copy Markdown
Contributor

@PiotrSikora PiotrSikora left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This change looks fine, but as usual, I'd recommend merging it after release instead of right before it.

@wrowe
Copy link
Copy Markdown
Contributor

wrowe commented Apr 6, 2022

/wait on the quarterly release coming up mid-April

tls: remove SHA-1 cipher suites from the defaults on the server-side
ad17b92 
Signed-off-by: derekguo001 <dong.guo@intel.com>
@wrowe
Copy link
Copy Markdown
Contributor

wrowe commented Apr 16, 2022

I'd recommend merging it after release instead of right before it.

Agreed, moving it forward once it clears CI.

/retest

@repokitteh-read-only
Copy link
Copy Markdown

repokitteh-read-only bot commented Apr 16, 2022

Retrying Azure Pipelines:
Retried failed jobs in: envoy-presubmit

🐱

Caused by: a #20643 (comment) was created by @wrowe.

see: more, trace.

@wrowe
Copy link
Copy Markdown
Contributor

wrowe commented Apr 16, 2022

/lgtm

@repokitteh-read-only
Copy link
Copy Markdown

repokitteh-read-only bot commented Apr 16, 2022

please specify a single label can be specified

🐱

Caused by: a #20643 (comment) was created by @wrowe.

see: more, trace.

@wrowe wrowe merged commit 5181d23 into envoyproxy:main Apr 16, 2022
@derekguo001 derekguo001 deleted the remove-sha1-cipher-suite branch April 17, 2022 01:56
@mum4k mum4k mentioned this pull request Apr 18, 2022
Merged
vehre-x41 pushed a commit to vehre-x41/envoy that referenced this pull request Apr 19, 2022
@vehre-x41
tls: remove SHA-1 cipher suites from the defaults on the server-side (e…
368cdec 
…nvoyproxy#20643)

Signed-off-by: derekguo001 <dong.guo@intel.com>
Signed-off-by: Andre Vehreschild <vehre@x41-dsec.de>
mum4k added a commit to envoyproxy/nighthawk that referenced this pull request Apr 19, 2022
@mum4k
Update Envoy to 569f239 (Apr 18th 2022). (#834)
a05667a 
- updated `.bazelrc` based on envoyproxy/envoy#20852 and envoyproxy/envoy#20813. Disabling platform mappings in our configuration, since we don't need them.
- no changes in `.bazelversion`, `ci/run_envoy_docker.sh` or `tools/gen_compilation_database.py`.
- switching integration tests that verify custom TLS configuration to another two ciphers that are supported in the default Envoy server configuration after envoyproxy/envoy#20643.

Signed-off-by: Jakub Sobon <mumak@google.com>
@PiotrSikora PiotrSikora mentioned this pull request May 3, 2022
Merged
@derekguo001 derekguo001 mentioned this pull request May 11, 2022
Merged
htuch pushed a commit that referenced this pull request May 13, 2022
doc: Remove SHA-1 cipher suites from the defaults on the server-side (#…
81cebf6 
…21240)

Related PR: #20643

Signed-off-by: derekguo001 <dong.guo@intel.com>
lizan pushed a commit to envoyproxy/data-plane-api that referenced this pull request May 13, 2022
doc: Remove SHA-1 cipher suites from the defaults on the server-side …
0e84324 
…(#21240)

Related PR: envoyproxy/envoy#20643

Signed-off-by: derekguo001 <dong.guo@intel.com>

Mirrored from https://github.com/envoyproxy/envoy @ 81cebf6b12b13f490cc0ff8c77abaaffc7ef590f
ravenblackx pushed a commit to ravenblackx/envoy that referenced this pull request Jun 8, 2022
@ravenblackx
tls: remove SHA-1 cipher suites from the defaults on the server-side (e…
f1bf2c5 
…nvoyproxy#20643)

Signed-off-by: derekguo001 <dong.guo@intel.com>
ravenblackx pushed a commit to ravenblackx/envoy that referenced this pull request Jun 8, 2022
@ravenblackx
doc: Remove SHA-1 cipher suites from the defaults on the server-side (e…
6e81347 
…nvoyproxy#21240)

Related PR: envoyproxy#20643

Signed-off-by: derekguo001 <dong.guo@intel.com>
oschaaf pushed a commit to maistra/envoy that referenced this pull request Oct 26, 2022
doc: Remove SHA-1 cipher suites from the defaults on the server-side …
aff3028 
…(#21240)

Related PR: envoyproxy/envoy#20643

Signed-off-by: derekguo001 <dong.guo@intel.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@lizan lizan Awaiting requested review from lizan

@ggreenway ggreenway Awaiting requested review from ggreenway ggreenway is a code owner

2 more reviewers

@wrowe wrowe wrowe approved these changes

@PiotrSikora PiotrSikora PiotrSikora left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

@wrowe wrowe

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@derekguo001 @wrowe @PiotrSikora