Cannot change TLS minimum version to 1.3 for internal encryption (between Ingress to Activator) #14057

Closed
izabelacg opened this issue Jun 2, 2023 · 1 comment · Fixed by #14074
Labels
kind/feature Well-understood/specified features, ready for coding. triage/accepted Issues which should be fixed (post-triage)

@izabelacg
Member

Describe the feature

I attempted to change the minimum TLS version (from 1.2 to 1.3) in the activator when internal encryption is activated, but kourier-tls tests failed (PR attempt #13930). They failed when this line is changed (communication between Ingress and Activator):

MinVersion: tls.VersionTLS12,

TLS 1.3 comes with numerous enhancements, such as a quicker TLS handshake and more secure cipher suites. We should aim to move the minimum version from 1.2 to 1.3.
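
An added example, not part of the issue or of Knative's code: what Go's crypto/tls does when a server's MinVersion is raised from tls.VersionTLS12 to tls.VersionTLS13 while the connecting peer offers at most TLS 1.2. The peer's version cap, the helper names selfSigned and negotiate, and the throwaway certificate are assumptions made for illustration; the issue does not state why the kourier-tls tests failed.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"math/big"
	"net"
	"time"
)

// selfSigned returns a throwaway certificate constructed for this example.
func selfSigned() tls.Certificate {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), DNSNames: []string{"activator.example"},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key}
}

// negotiate runs one in-memory handshake between a server with the given MinVersion and a
// peer capped at clientMax; it returns the agreed version or the client-side handshake error.
func negotiate(serverMin, clientMax uint16) (uint16, error) {
	c, s := net.Pipe()
	defer c.Close()
	c.SetDeadline(time.Now().Add(5 * time.Second)) // never hang on a stalled handshake
	srv := tls.Server(s, &tls.Config{
		Certificates:           []tls.Certificate{selfSigned()},
		MinVersion:             serverMin, // the setting the issue wants to raise
		SessionTicketsDisabled: true,      // nothing is left unread on the synchronous pipe
	})
	go func() { srv.Handshake(); s.Close() }()
	// InsecureSkipVerify is for this example only: the certificate is self-signed.
	cli := tls.Client(c, &tls.Config{InsecureSkipVerify: true, MaxVersion: clientMax})
	if err := cli.Handshake(); err != nil {
		return 0, err
	}
	return cli.ConnectionState().Version, nil
}

func main() {
	for _, minVer := range []uint16{tls.VersionTLS12, tls.VersionTLS13} {
		v, err := negotiate(minVer, tls.VersionTLS12) // peer limited to TLS 1.2
		fmt.Printf("server min %#x, peer max %#x: negotiated %#x, err: %v\n", minVer, tls.VersionTLS12, v, err)
	}
}
```

With the server minimum at TLS 1.3, the capped peer's handshake fails outright instead of falling back to 1.2, so every client of the listener needs TLS 1.3 support before the minimum is raised.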

@KauzClay
Contributor

KauzClay commented Jun 2, 2023

For visibility, the internal-encryption feature is undergoing some changes. One of them being the switch from internal-encryption to dataplane-trust config flags, see knative/networking#778.

We may want to consider this issue as the internal encryption track moves forward.
