This is an automated email from the ASF dual-hosted git repository. tokers pushed a commit to branch chore/configurable-ssl-protocols in repository https://gitbox.apache.org/repos/asf/apisix-helm-chart.git
commit 2ff9fcfe560db59753a9dff3e0ec6b4538416a27 Author: Chao Zhang <[email protected]> AuthorDate: Mon Aug 22 15:46:10 2022 +0800 chore: support configuring SSL protocols Signed-off-by: Chao Zhang <[email protected]> --- charts/apisix/templates/configmap.yaml | 2 +- charts/apisix/values.yaml | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/charts/apisix/templates/configmap.yaml b/charts/apisix/templates/configmap.yaml index 6c0e5da..ee78a14 100644 --- a/charts/apisix/templates/configmap.yaml +++ b/charts/apisix/templates/configmap.yaml @@ -156,7 +156,7 @@ data: enable: {{ .Values.gateway.tls.enabled }} enable_http2: {{ .Values.gateway.tls.http2.enabled }} listen_port: {{ .Values.gateway.tls.containerPort }} - ssl_protocols: "TLSv1 TLSv1.1 TLSv1.2 TLSv1.3" + ssl_protocols: {{ .Values.gateway.tls.sslProtocols | quote }} ssl_ciphers: "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA- [...] {{- if and .Values.gateway.tls.enabled .Values.gateway.tls.existingCASecret }} ssl_trusted_certificate: "/usr/local/apisix/conf/ssl/{{ .Values.gateway.tls.certCAFilename }}" diff --git a/charts/apisix/values.yaml b/charts/apisix/values.yaml index e0824f9..0071c6c 100644 --- a/charts/apisix/values.yaml +++ b/charts/apisix/values.yaml @@ -142,6 +142,7 @@ gateway: certCAFilename: "" http2: enabled: true + sslProtocols: "TLSv1.2 TLSv1.3" # L4 proxy (TCP/UDP) stream: enabled: false
