Set minimum tls version to 1.3 and statically compile to avoid glibc … #187

teejaded · 2023-08-18T17:38:39Z

Set webhook server minimum TLS version to 1.3 -- available since Kubenetes 1.13 https://go.dev/doc/go1.13#tls_1_3
TLS 1.0 was flagged by Nessus: https://www.tenable.com/plugins/nessus/104743
Verified with nmap

> kubectl port-forward tugger-694c8d768c-cp8m6 8443:443
> nmap --script ssl-enum-ciphers 127.0.0.1 -p 8443
Starting Nmap 7.94 ( https://nmap.org ) at 2023-08-18 10:34 PDT
Nmap scan report for localhost (127.0.0.1)
Host is up (0.00017s latency).

PORT     STATE SERVICE
8443/tcp open  https-alt
| ssl-enum-ciphers:
|   TLSv1.3:
|     ciphers:
|       TLS_AKE_WITH_AES_128_GCM_SHA256 (ecdh_x25519) - A
|       TLS_AKE_WITH_AES_256_GCM_SHA384 (ecdh_x25519) - A
|       TLS_AKE_WITH_CHACHA20_POLY1305_SHA256 (ecdh_x25519) - A
|     cipher preference: server
|_  least strength: A

Nmap done: 1 IP address (1 host up) scanned in 1.93 seconds

Statically compile tugger to avoid missing GLIBC error

Checklist

Chart version bumped

…error

Set minimum tls version to 1.3 and statically compile to avoid glibc …

4a1a37f

…error

kd7lxl approved these changes Aug 29, 2023

View reviewed changes

kd7lxl merged commit a5c4554 into jainishshah17:master Aug 29, 2023
5 checks passed

kd7lxl mentioned this pull request Aug 29, 2023

Tugger startup error #189

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Set minimum tls version to 1.3 and statically compile to avoid glibc … #187

Set minimum tls version to 1.3 and statically compile to avoid glibc … #187

teejaded commented Aug 18, 2023

Set minimum tls version to 1.3 and statically compile to avoid glibc … #187

Set minimum tls version to 1.3 and statically compile to avoid glibc … #187

Conversation

teejaded commented Aug 18, 2023

Checklist