Golang maintains a list of cipher suites considered insecure, which are still allowed if requested. This flag will allow those cipher suites to be completely excluded.
Options considered:
Use a list of allowed cipher suites
This may need some maintenance over time as cipher suites are updated, introduced or deprecated.
Exclude used cipher suites based on name
Less maintenance overhead than maintaining desired list of cipher suites, excluding the ones not desired would also require some maintenance overtime as cipher suites are considered insecure.
Exclude known insecure cipher suites
Using golang's list of InsecureCipherSuites reducing maintenance overhead by allowing list to be maintained by golang.
Golang maintains a list of cipher suites considered insecure, which are still allowed if requested. This flag will allow those cipher suites to be completely excluded.
Options considered:
Use a list of allowed cipher suites This may need some maintenance over time as cipher suites are updated, introduced or deprecated.
Exclude used cipher suites based on name Less maintenance overhead than maintaining desired list of cipher suites, excluding the ones not desired would also require some maintenance overtime as cipher suites are considered insecure.
Exclude known insecure cipher suites Using golang's list of InsecureCipherSuites reducing maintenance overhead by allowing list to be maintained by golang.
Fixes https://github.com/zalando/skipper/issues/3121