Add configuration to set minimum TLS version accepted by the metrics server port. #666
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Seen when running testcase `TestLatencyStats`, which failed with a connection refused.
This adds the configuration `tls-server-min-version` to be able to set the minimum TLS version that will be accepted by the metrics server port. Since TLS 1.0 and 1.1 have reached end-of-life they are normally not allowed within some organisations, but Go enables it by default on TLS servers. With this new configuration only TLS1.2/TLS1.3 clients are accepted by default, but can be opened up to accept the less secure version via config.
Pull Request Test Coverage Report for Build 1594
💛 - Coveralls |
Codecov Report
@@ Coverage Diff @@
## master #666 +/- ##
==========================================
+ Coverage 88.15% 88.18% +0.03%
==========================================
Files 16 16
Lines 1941 1946 +5
==========================================
+ Hits 1711 1716 +5
Misses 154 154
Partials 76 76
📣 Codecov can now indicate which changes are the most critical in Pull Requests. Learn more |
oliver006
approved these changes
Jun 17, 2022
| @@ -15,7 +15,7 @@ services: | |||
|
|
|||
| redis7: | |||
| image: redis:7.0 | |||
| command: "redis-server --protected-mode no --dbfilename dump7.rdb" | |||
| command: "redis-server --port 6384 --protected-mode no --dbfilename dump7.rdb" | |||
You are the best. Thanks! |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This adds the configuration
tls-server-min-versionto be able to set the minimum TLS version that will be accepted by the metrics server endpoint.Since TLS 1.0 and 1.1 have reached end-of-life they are normally not allowed within some organisations, but Go still enables it by default on TLS servers.
Due to the deprecation this PR also changes the default behavior and rejects clients that request to only use the old less secure TLS versions. This can be opened again by the configuration (setting
tls-server-min-versiontoTLS1.0).This PR also contains a commit to fix the local testruns using the makefile.
Maybe we should add a run of
make docker-allin CI?