ssl_protocol when in server config ,is not effect

[softwolves]

I configured SSL in the server's config China in ingress_ Protocol is used to disable tlsv1.0, but it has not taken effect。 It is configured through nginx. ingress. kubernetes. io/server snippet in the annotation

### Tasks

[k8s-ci-robot]

This issue is currently awaiting triage.

If Ingress contributors determines this is a relevant issue, they will accept it by applying the triage/accepted label and provide further guidance.

The triage/accepted label can be added by org members by writing /triage accepted in a comment.

Instructions for interacting with me using PR comments are available [here](https://git.k8s.io/community/contributors/guide/pull-requests.md). If you have questions or suggestions related to my behavior, please file an issue against the [kubernetes/test-infra](https://github.com/kubernetes/test-infra/issues/new?title=Prow%20issue:) repository.

[longwuyuan]

The openssl version used to build controller image , already deprecated unsafe TLS versions.

On Thu, 21 Dec, 2023, 8:11 am Kubernetes Prow Robot, < @.***> wrote:

This issue is currently awaiting triage.

If Ingress contributors determines this is a relevant issue, they will accept it by applying the triage/accepted label and provide further guidance.

The triage/accepted label can be added by org members by writing /triage accepted in a comment.

Instructions for interacting with me using PR comments are available here https://git.k8s.io/community/contributors/guide/pull-requests.md. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra https://github.com/kubernetes/test-infra/issues/new?title=Prow%20issue: repository.

— Reply to this email directly, view it on GitHub https://github.com/kubernetes/ingress-nginx/issues/10794#issuecomment-1865396676, or unsubscribe https://github.com/notifications/unsubscribe-auth/ABGZVWVRPXCJEI6ALPLOZ3TYKOOV5AVCNFSM6AAAAABA5XIDHGVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMYTQNRVGM4TMNRXGY . You are receiving this because you are subscribed to this thread.Message ID: @.***>

[softwolves]

The openssl version used to build controller image , already deprecated unsafe TLS versions. … On Thu, 21 Dec, 2023, 8:11 am Kubernetes Prow Robot, < @.> wrote: This issue is currently awaiting triage. If Ingress contributors determines this is a relevant issue, they will accept it by applying the triage/accepted label and provide further guidance. The triage/accepted label can be added by org members by writing /triage accepted in a comment. Instructions for interacting with me using PR comments are available here https://git.k8s.io/community/contributors/guide/pull-requests.md. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra https://github.com/kubernetes/test-infra/issues/new?title=Prow%20issue: repository. — Reply to this email directly, view it on GitHub <#10794 (comment)>, or unsubscribe https://github.com/notifications/unsubscribe-auth/ABGZVWVRPXCJEI6ALPLOZ3TYKOOV5AVCNFSM6AAAAABA5XIDHGVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMYTQNRVGM4TMNRXGY . You are receiving this because you are subscribed to this thread.Message ID: @.>

Indeed, but my problem is not that tlsv1.0 is not supported, but rather that I set nginx. ingress. kubernetes. io/configuration snippet in ingress:|

SSL Protocols TLSv1.2 TLSv1.3 is used to restrict the protocol of a single server. Configure SSL in the global configuration of ingress Protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3. However, the effect is not ideal. Even if a single domain is set up, it can still be connected using a lower version of the protocol.

[longwuyuan]

ok. When you created this issue, there were many questions asked in the issue template. But you have not answered any of the questions. If you want to see the questions, open this github project in another tab of browser and click new issue button. That information is needed to make comments based on real data. Without that information, comments are based on guess.

If the problem is snippets, then there is docs related to some changes made about snippets here https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/annotations/#configuration-snippet .

[longwuyuan]

/remove-kind bug

[github-actions[bot]]

This is stale, but we won't close it automatically, just bare in mind the maintainers may be busy with other tasks and will reach your issue ASAP. If you have any question or request to prioritize this, please reach #ingress-nginx-dev on Kubernetes Slack.