Make TLS Version Configurable #91

frankgreco · 2018-04-04T17:40:44Z

Currently, there is no minimum TLS version required. Hence, the golang default is used which is 1.0. Due to security requirements, it may be important to set the minimum version. Hence, it would be nice if this setting were configurable in Kanali.

ghost · 2018-04-26T20:11:16Z

TLS settings such as version and ciphersuites are a breaking change, so it would be better to opinionate the Kanali API specification and strive for an SSL Labs "A" grade.
As a start, the minimum requirement in Kanali v2 could be based off of Amazon's highest security ELB TLS policy for TLSv1.2 "TLS-1-2-2017-01" as described at https://docs.aws.amazon.com/elasticloadbalancing/latest/application/create-https-listener.html#describe-ssl-policies.

frankgreco added the enhancement label Apr 4, 2018

frankgreco self-assigned this Apr 4, 2018

frankgreco added the for-new-contributors label Apr 4, 2018

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Make TLS Version Configurable #91

Make TLS Version Configurable #91

frankgreco commented Apr 4, 2018

ghost commented Apr 26, 2018 •

edited by ghost

Loading

Make TLS Version Configurable #91

Make TLS Version Configurable #91

Comments

frankgreco commented Apr 4, 2018

ghost commented Apr 26, 2018 • edited by ghost Loading

ghost commented Apr 26, 2018 •

edited by ghost

Loading