-
Notifications
You must be signed in to change notification settings - Fork 877
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add configuration to set minimum TLS version accepted by the metrics server port. #666
Conversation
Seen when running testcase `TestLatencyStats`, which failed with a connection refused.
This adds the configuration `tls-server-min-version` to be able to set the minimum TLS version that will be accepted by the metrics server port. Since TLS 1.0 and 1.1 have reached end-of-life they are normally not allowed within some organisations, but Go enables it by default on TLS servers. With this new configuration only TLS1.2/TLS1.3 clients are accepted by default, but can be opened up to accept the less secure version via config.
Pull Request Test Coverage Report for Build 1594
💛 - Coveralls |
Codecov Report
@@ Coverage Diff @@
## master #666 +/- ##
==========================================
+ Coverage 88.15% 88.18% +0.03%
==========================================
Files 16 16
Lines 1941 1946 +5
==========================================
+ Hits 1711 1716 +5
Misses 154 154
Partials 76 76
📣 Codecov can now indicate which changes are the most critical in Pull Requests. Learn more |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for the PR, change looks good and thx for fixing the docker-compose file.
@@ -15,7 +15,7 @@ services: | |||
|
|||
redis7: | |||
image: redis:7.0 | |||
command: "redis-server --protected-mode no --dbfilename dump7.rdb" | |||
command: "redis-server --port 6384 --protected-mode no --dbfilename dump7.rdb" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
👍
You are the best. Thanks! |
This adds the configuration
tls-server-min-version
to be able to set the minimum TLS version that will be accepted by the metrics server endpoint.Since TLS 1.0 and 1.1 have reached end-of-life they are normally not allowed within some organisations, but Go still enables it by default on TLS servers.
Due to the deprecation this PR also changes the default behavior and rejects clients that request to only use the old less secure TLS versions. This can be opened again by the configuration (setting
tls-server-min-version
toTLS1.0
).This PR also contains a commit to fix the local testruns using the makefile.
Maybe we should add a run of
make docker-all
in CI?