Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

credentials: if not set, restrict to TLS v1.2+ and CipherSuites per RFC7540 #6776

Merged
merged 2 commits into from
Nov 15, 2023

Conversation

dfawley
Copy link
Member

@dfawley dfawley commented Nov 8, 2023

Fixes #6758

cc @ejona86 FYI

RELEASE NOTES:

  • credentials: if not set, set TLS MinVersion to 1.2 and CipherSuites according to supported suites not forbidden by RFC7540. This is a behavior change to bring us into better alignment with RFC 7540.

@dfawley dfawley added the Type: Security A bug or other problem affecting security label Nov 8, 2023
@dfawley dfawley added this to the 1.60 Release milestone Nov 8, 2023
@dfawley dfawley requested a review from ginayeh November 8, 2023 19:38
Copy link

codecov bot commented Nov 8, 2023

Codecov Report

Merging #6776 (aa13a32) into master (482de22) will increase coverage by 0.02%.
Report is 8 commits behind head on master.
The diff coverage is 100.00%.

Additional details and impacted files
@@            Coverage Diff             @@
##           master    #6776      +/-   ##
==========================================
+ Coverage   83.40%   83.43%   +0.02%     
==========================================
  Files         285      285              
  Lines       30966    30969       +3     
==========================================
+ Hits        25828    25838      +10     
+ Misses       4068     4056      -12     
- Partials     1070     1075       +5     
Files Coverage Δ
credentials/tls.go 80.00% <100.00%> (+2.01%) ⬆️

... and 17 files with indirect coverage changes

@arvindbr8 arvindbr8 modified the milestones: 1.60 Release, 1.61 Release Nov 14, 2023
Copy link
Contributor

@ginayeh ginayeh left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

you might want to check the spelling suggestion from vet before merging

@dfawley dfawley merged commit 424db25 into grpc:master Nov 15, 2023
14 checks passed
@dfawley dfawley deleted the tlsminver branch November 15, 2023 15:10
@dfawley dfawley modified the milestones: 1.61 Release, 1.60 Release Nov 15, 2023
dfawley added a commit to dfawley/grpc-go that referenced this pull request Nov 15, 2023
@github-actions github-actions bot locked as resolved and limited conversation to collaborators May 14, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
Type: Security A bug or other problem affecting security
Projects
None yet
Development

Successfully merging this pull request may close these issues.

GRPC Server allows usage of TLS1.0 for HTTP/2 protocol
3 participants