github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-07-23 03:41:45 +00:00
Code Issues Projects Releases Wiki Activity

Merge pull request #2827 from liggitt/tlsv1

Browse Source 
Bump minimum TLS version from SSLv3 to TLSv1.0
This commit is contained in:
Joe Beda 2014-12-10 13:15:29 -08:00
commit b7705d25c8
2 changed files with 4 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
cmd/kube-apiserver/apiserver.go
View File

@ -224,6 +224,8 @@ func main() {
WriteTimeout: 5 * time.Minute, WriteTimeout: 5 * time.Minute,
MaxHeaderBytes: 1 << 20, MaxHeaderBytes: 1 << 20,
TLSConfig: &tls.Config{ TLSConfig: &tls.Config{
// Change default from SSLv3 to TLSv1.0 (because of POODLE vulnerability)
MinVersion: tls.VersionTLS10,
// Populate PeerCertificates in requests, but don't reject connections without certificates // Populate PeerCertificates in requests, but don't reject connections without certificates
// This allows certificates to be validated by authenticators, while still allowing other auth types // This allows certificates to be validated by authenticators, while still allowing other auth types
ClientAuth: tls.RequestClientCert, ClientAuth: tls.RequestClientCert,

2
pkg/client/transport.go
View File

@ -68,6 +68,8 @@ func NewClientCertTLSTransport(certFile, keyFile, caFile string) (*http.Transpor
certPool.AppendCertsFromPEM(data) certPool.AppendCertsFromPEM(data)
return &http.Transport{ return &http.Transport{
TLSClientConfig: &tls.Config{ TLSClientConfig: &tls.Config{
// Change default from SSLv3 to TLSv1.0 (because of POODLE vulnerability)
MinVersion: tls.VersionTLS10,
Certificates: []tls.Certificate{ Certificates: []tls.Certificate{
cert, cert,
}, },