zalando / skipper

An HTTP router and reverse proxy for service composition, including use cases like Kubernetes Ingress
https://opensource.zalando.com/skipper/

cmd/skipper: allow exclusion of insecure cipher suites #3123

Closed rickhlx closed 4 days ago

rickhlx commented 1 week ago

Golang maintains a list of cipher suites considered insecure, which are still allowed if requested. This flag will allow those cipher suites to be completely excluded.

Options considered:

Use a list of allowed cipher suites: This may need some maintenance over time as cipher suites are updated, introduced or deprecated.

Exclude used cipher suites based on name: Less maintenance overhead than maintaining desired list of cipher suites, excluding the ones not desired would also require some maintenance over time as cipher suites are considered insecure.

Exclude known insecure cipher suites: Using golang's list of InsecureCipherSuites, reducing maintenance overhead by allowing the list to be maintained by golang.

Fixes https://github.com/zalando/skipper/issues/3121
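
The "exclude known insecure cipher suites" option described above, as an added Go example that is not code from this PR or from Skipper: it resolves a requested list of suite names against `crypto/tls` and drops everything Go reports in `tls.InsecureCipherSuites()`. The function name `excludeInsecure` and the sample suite list are assumptions made for illustration.

```go
package main

import (
	"crypto/tls"
	"fmt"
)

// excludeInsecure (hypothetical helper) resolves cipher suite names to IDs and
// drops every suite that Go lists in tls.InsecureCipherSuites(). It returns the
// IDs that were kept and the names that were dropped.
func excludeInsecure(requested []string) (kept []uint16, dropped []string, err error) {
	secure := map[string]uint16{}
	for _, s := range tls.CipherSuites() {
		secure[s.Name] = s.ID
	}
	insecure := map[string]bool{}
	for _, s := range tls.InsecureCipherSuites() {
		insecure[s.Name] = true
	}
	for _, name := range requested {
		if id, ok := secure[name]; ok {
			kept = append(kept, id)
		} else if insecure[name] {
			dropped = append(dropped, name)
		} else {
			return nil, nil, fmt.Errorf("unknown cipher suite %q", name)
		}
	}
	if len(kept) == 0 {
		// Fail closed: a nil CipherSuites in tls.Config selects Go's default
		// list, which would silently replace what the operator asked for.
		return nil, dropped, fmt.Errorf("no secure cipher suite left after exclusion")
	}
	return kept, dropped, nil
}

func main() {
	// Constructed sample input: one secure suite and one insecure suite.
	requested := []string{"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", "TLS_RSA_WITH_RC4_128_SHA"}
	kept, dropped, err := excludeInsecure(requested)
	if err != nil {
		panic(err)
	}
	// TLS 1.3 suites are not configurable in Go; this list governs TLS 1.0-1.2.
	cfg := &tls.Config{MinVersion: tls.VersionTLS12, CipherSuites: kept}
	fmt.Println(len(cfg.CipherSuites), "kept; dropped:", dropped)
}
```

Logging the dropped names at startup gives operators a record of which requested suites the exclusion removed.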

AlexanderYastrebov commented 6 days ago

:+1:

rickhlx commented 4 days ago

@szuecs @AlexanderYastrebov any chance we can get this merged? We're looking to solve some security issues by deploying this change.

MustafaSaber commented 4 days ago

👍

MustafaSaber commented 4 days ago

Thanks for your contribution!