Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Phase out weak ciphers? #101

Open
cpuguy83 opened this issue Mar 8, 2023 · 5 comments
Open

Phase out weak ciphers? #101

cpuguy83 opened this issue Mar 8, 2023 · 5 comments

Comments

@cpuguy83
Copy link
Contributor

cpuguy83 commented Mar 8, 2023

We have this comment:

go-connections/tlsconfig/config.go

Line 43 in 58542c7

// Extra (server-side) accepted CBC cipher suites - will phase out in the future

Perhaps it is time to go ahead and make good on that comment?
@cpuguy83
Copy link
Contributor Author

cpuguy83 commented Mar 8, 2023

/cc @thaJeztah @AkihiroSuda @neersighted

Related to moby/moby#45121

@neersighted
Copy link
Member

PTAL @corhere as well; I have no strong opinions -- if no others appear, maybe we discuss this on Thursday?

@thaJeztah
Copy link
Member

Yeah, we still need to dig into the TLS1.3 issue as well; updating moby to the latest code in this repo breaks things (see moby/moby#41084 and the original PR linked)

@cpuguy83
Copy link
Contributor Author

cpuguy83 commented Mar 8, 2023

Seems strange that we even have tlsconfig in this repo.

@thaJeztah
Copy link
Member

Yeah, ISTR the original reason was to have a canonical place where these were defined (as at the time it was not always trivial to decide on the ciphers, and to make sure all repositories followed the same)

@neersighted neersighted mentioned this issue Jul 13, 2023
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@cpuguy83 @neersighted @thaJeztah