Registry - make minimum TLS version user configurable #2808
Please sign your commits following these rules:
$ git clone -b "feat/tls1.2only" git@github.com:gregrebholz/distribution.git somewhere
$ cd somewhere
$ git commit --amend -s --no-edit
$ git push -f
Amending updates the existing PR. You DO NOT need to open a new one.
28e69d1 to 1f5da8b
1f5da8b to 2cc11c3
eda14be to ee886ec
Codecov Report
@@ Coverage Diff @@
## master #2808 +/- ##
==========================================
- Coverage 60.25% 60.15% -0.11%
==========================================
Files 103 103
Lines 8024 8038 +14
==========================================
Hits 4835 4835
- Misses 2546 2560 +14
Partials 643 643
Kindly add a warning.
236fd51 to 111da2b
Otherwise LGTM
Signed-off-by: J. Gregory Rebholz <gregrebholz@gmail.com>
111da2b to cdb62b2
LGTM
@caervs @manishtomar @gregrebholz It seems like even though these changes were merged over a year ago, they never got released. Can someone please look into this? Having TLS1.0 as default in 2021 is a big no. Thanks!
What version are you using? I see this change was included in release v2.7.1
Don't think it's in v2.7.1; https://github.com/distribution/distribution/blob/v2.7.1/configuration/configuration.go#L107-L114
You're right. Looks like they didn't include latest master when they released 2.7.1. That's unfortunate. Also, no new releases in 2.5 years.
Yes, but that's expected; this project uses release branches for releases, and specific bug fixes are cherry-picked to those branches (master/main is used for "release X + 1" (which could be next "major" or "minor" release, depending on changes; currently main is targeting v3.0.0))
Registry - make minimum TLS version user configurable
Closes #2807 to allow users to configure the minimum allowable TLS version for Registry. Usage is via config.yml:
An omitted or unrecognized string results in the same TLS1.0 support we have today, and allowed strings are in the updated docs - "tls1.0", "tls1.1", "tls1.2".
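
The fallback in the description above can be checked end to end. The following is an added example, not code from this PR or from the distribution project: it models the string mapping as the description states it and probes a throwaway local TLS server with clients pinned to one protocol version. The function names `minTLSVersion`, `accepts` and `probe` are assumptions made for illustration.

```go
package main

import (
	"crypto/tls"
	"fmt"
	"net/http"
	"net/http/httptest"
)

// minTLSVersion maps the strings the PR description allows to crypto/tls
// constants; ok is false for an omitted or unrecognized string (TLS 1.0 floor).
func minTLSVersion(s string) (version uint16, ok bool) {
	switch s {
	case "tls1.0":
		return tls.VersionTLS10, true
	case "tls1.1":
		return tls.VersionTLS11, true
	case "tls1.2":
		return tls.VersionTLS12, true
	}
	return tls.VersionTLS10, false
}

// accepts reports whether addr completes a handshake with a client pinned to v.
func accepts(addr string, v uint16) bool {
	// Certificate checks are skipped: only the protocol version is under test.
	cfg := &tls.Config{InsecureSkipVerify: true, MinVersion: v, MaxVersion: v}
	conn, err := tls.Dial("tcp", addr, cfg)
	if err == nil {
		conn.Close()
	}
	return err == nil
}

// probe serves TLS locally with the floor chosen by setting and tests two clients.
func probe(setting string) (tls10, tls12 bool) {
	v, _ := minTLSVersion(setting)
	srv := httptest.NewUnstartedServer(http.NotFoundHandler())
	srv.TLS = &tls.Config{MinVersion: v}
	srv.StartTLS()
	defer srv.Close()
	addr := srv.Listener.Addr().String()
	return accepts(addr, tls.VersionTLS10), accepts(addr, tls.VersionTLS12)
}

func main() {
	t10, t12 := probe("tls1.3") // not an allowed string, so the floor is TLS 1.0
	fmt.Println("tls1.3 -> TLS 1.0 accepted:", t10, "TLS 1.2 accepted:", t12)
}
```

A value outside the three allowed strings, including a typo, leaves TLS 1.0 clients able to connect, which is why the `ok` result is worth logging at startup.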