Allow PreferServerCipherSuites as a TLS Option

Daniel Tomcej 2020-02-12 11:06:04 -06:00 committed by GitHub
parent 94b2b6393f
commit 7c430e5c9d
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
13 changed files with 112 additions and 16 deletions


@ -35,7 +35,7 @@ spec:
- secretCA1
- secretCA2
clientAuthType: VerifyClientCertIfGiven
preferServerCipherSuites: true
---
apiVersion: v1
kind: Secret


@ -35,6 +35,7 @@ spec:
- secretCA1
- secretCA2
clientAuthType: VerifyClientCertIfGiven
preferServerCipherSuites: true
---
apiVersion: traefik.containo.us/v1alpha1


@ -501,7 +501,8 @@ func buildTLSOptions(ctx context.Context, client Client) map[string]tls.Options
CAFiles: clientCAs,
ClientAuthType: tlsOption.Spec.ClientAuth.ClientAuthType,
},
SniStrict: tlsOption.Spec.SniStrict,
SniStrict: tlsOption.Spec.SniStrict,
PreferServerCipherSuites: tlsOption.Spec.PreferServerCipherSuites,
}
}
return tlsOptions
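Review bot: The `PreferServerCipherSuites` value added to the `tls.Options` literal is copied from the spec unconditionally, so a TLSOption that omits the field resolves to false. In that case the order of `cipherSuites` in the same resource presumably does not override the client's preference. Nothing at this line tells a reader that the two settings work together; I would add `// Only meaningful together with CipherSuites: when false, the client's preference order is used.` above it. How the value reaches the server's TLS configuration is decided outside this hunk. buildTLSOptions starts before the hunk and its closing brace is not shown.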


@ -423,7 +423,8 @@ func TestLoadIngressRouteTCPs(t *testing.T) {
},
ClientAuthType: "VerifyClientCertIfGiven",
},
SniStrict: true,
SniStrict: true,
PreferServerCipherSuites: true,
},
},
},
@ -1896,7 +1897,8 @@ func TestLoadIngressRoutes(t *testing.T) {
},
ClientAuthType: "VerifyClientCertIfGiven",
},
SniStrict: true,
SniStrict: true,
PreferServerCipherSuites: true,
},
},
},


@ -19,12 +19,13 @@ type TLSOption struct {
// TLSOptionSpec configures TLS for an entry point
type TLSOptionSpec struct {
MinVersion string `json:"minVersion,omitempty"`
MaxVersion string `json:"maxVersion,omitempty"`
CipherSuites []string `json:"cipherSuites,omitempty"`
CurvePreferences []string `json:"curvePreferences,omitempty"`
ClientAuth ClientAuth `json:"clientAuth,omitempty"`
SniStrict bool `json:"sniStrict,omitempty"`
MinVersion string `json:"minVersion,omitempty"`
MaxVersion string `json:"maxVersion,omitempty"`
CipherSuites []string `json:"cipherSuites,omitempty"`
CurvePreferences []string `json:"curvePreferences,omitempty"`
ClientAuth ClientAuth `json:"clientAuth,omitempty"`
SniStrict bool `json:"sniStrict,omitempty"`
PreferServerCipherSuites bool `json:"preferServerCipherSuites,omitempty"`
}
// +k8s:deepcopy-gen=true
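Review bot: The new `PreferServerCipherSuites` field on TLSOptionSpec has no doc comment, and as a plain `bool` with `omitempty` it cannot distinguish "not set" from an explicit false, so every existing TLSOption resource gets false. A comment such as `// PreferServerCipherSuites makes the server select the cipher suite by its own CipherSuites order rather than the client's.` would state the meaning on the API type itself. If a default of true is ever wanted, the field would have to become `*bool`; that is a design question for the maintainers rather than a defect in this hunk.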