feat(security): Enable modern cipher suite / TLSv1.3 only #3704

bnevis-i · 2021-09-08T18:42:19Z

Signed-off-by: Bryon Nevis bryon.nevis@intel.com

PR Checklist

Please check if your PR fulfills the following requirements:

Tests for the changes have been added (for bug fixes / features)
Docs have been added / updated (for bug fixes / features) feat(security): Document DefaultTokenTTL and ssl_cipher_suite override edgex-docs#560

If your build fails due to your commit message not passing the build checks, please review the guidelines here: https://github.com/edgexfoundry/edgex-go/blob/master/.github/Contributing.md.

What is the current behavior?

API gateway supports "intermediate" level of cipher suites.

Issue Number:

Audit and bump TLS security level for API gateway #3680

What is the new behavior?

API gateway supports "modern" cipher suite and TLSv1.3 only.

Does this PR introduce a breaking change?

Yes, but can by changed by configuration alone.
No

New Imports

Yes
No

Specific Instructions

Are there any specific instructions or things that should be known prior to reviewing?

Other information

Closes #3680 Signed-off-by: Bryon Nevis <bryon.nevis@intel.com>

codecov-commenter · 2021-09-08T19:08:40Z

Codecov Report

Merging #3704 (b76c258) into main (a77f58c) will not change coverage.
The diff coverage is n/a.

@@           Coverage Diff           @@
##             main    #3704   +/-   ##
=======================================
  Coverage   47.27%   47.27%           
=======================================
  Files         112      112           
  Lines        9180     9180           
=======================================
  Hits         4340     4340           
  Misses       4466     4466           
  Partials      374      374

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update a77f58c...b76c258. Read the comment docs.