[I] help request: Setting TLS version not effective [apisix]

Thu, 05 Sep 2024 20:28:45 -0700 


hoo-al opened a new issue, #11554:
URL: https://github.com/apache/apisix/issues/11554

   ### Description
   
   I installed apisix-2.15.0 using helm in my self built K8S.
   There is a setting in the configuration file for sslsprotocols TLSv1.2 
TLSv1.3; And you can see corresponding configuration lines in the config. yaml 
of each pod.
   But my website still supports TLSv1.0 and TLSv1.1, and there are no other 
load balancing or similar devices on the website.
   How can I turn off support for TLSv1.0 and TLSv1.1?
   
   server {
           listen 0.0.0.0:80 default_server reuseport;
           listen [::]:80 default_server reuseport;
           listen 0.0.0.0:9443 ssl default_server http2 reuseport;
           listen [::]:9443 ssl default_server http2 reuseport;
           listen 0.0.0.0:443 ssl default_server http2 reuseport;
           listen [::]:443 ssl default_server http2 reuseport;
   
           server_name _;
   
           ssl_certificate      cert/ssl_PLACE_HOLDER.crt;
           ssl_certificate_key  cert/ssl_PLACE_HOLDER.key;
           ssl_session_cache    shared:SSL:20m;
           ssl_session_timeout 10m;
   
           ssl_protocols TLSv1.2 TLSv1.3;
           ssl_ciphers 
ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA256:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA;
           ssl_prefer_server_ciphers on;
           ssl_session_tickets off;
           ……
           }
           
           
   
   ### Environment
   
   - APISIX version (run `apisix version`):2.15.0
   - Operating system (run `uname -a`):Linux apisix-skh6n 
3.10.0-1160.71.1.el7.x86_64 #1 SMP Tue Jun 28 15:37:28 UTC 2022 x86_64 Linux
   - OpenResty / Nginx version (run `openresty -V` or `nginx 
-V`):openresty/1.21.4.1
   - etcd version, if relevant (run `curl 
http://127.0.0.1:9090/v1/server_info`):
   - APISIX Dashboard version, if relevant:
   - Plugin runner version, for issues related to plugin runners:
   - LuaRocks version, for installation issues (run `luarocks --version`):
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to