CCO-784: update to pick up tls-min-version and tls-cipher-suites #207
openshift-merge-bot[bot] merged 7 commits into openshift:master from
|
@jstuever: This pull request references CCO-784 which is a valid jira issue. Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the story to target the "4.21.0" version, but no target version was set. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
|
NB: I think we also want |
|
This is currently a cherry-pick of the commits posted upstream. Ideally, the upstream PR will merge and we can pull them in directly. If that doesn't happen in time for this release, we may have to carry them until it does. |
* feat: add flag to configure minimum TLS version for webhook server
  This commit introduces a new command-line flag `--tls-min-version` to the webhook server. This allows callers to specify the minimum supported TLS version (1.0, 1.1, 1.2, or 1.3), improving security flexibility by allowing the enforcement of stricter TLS protocols.
  Assisted-by: gemini-3-pro-preview
* feat: add flag to configure TLS cipher suites
  This commit introduces a new command-line flag `-tls-cipher-suites` to the webhook server. This allows users to specify a comma-separated list of allowed TLS cipher suites, enhancing security configurability.
  Assisted-by: gemini-3-pro-preview
|
@jstuever: This pull request references CCO-784 which is a valid jira issue. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
|
/assign @dlom |
|
/lgtm |
|
/payload-job periodic-ci-openshift-openshift-tests-private-release-4.22-amd64-nightly-aws-ipi-private-shared-vpc-phz-sts-mini-perm-f7 |
|
@huangmingxia: trigger 1 job(s) for the /payload-(with-prs|job|aggregate|job-with-prs|aggregate-with-prs) command
See details on https://pr-payload-tests.ci.openshift.org/runs/ci/23745410-02d2-11f1-8288-5fa8a750773c-0 |
|
/payload-job periodic-ci-openshift-openshift-tests-private-release-4.22-amd64-nightly-aws-ipi-wavelength-sts-fips-mini-perm-f14 |
|
@huangmingxia: trigger 1 job(s) for the /payload-(with-prs|job|aggregate|job-with-prs|aggregate-with-prs) command
See details on https://pr-payload-tests.ci.openshift.org/runs/ci/280b8f70-02d2-11f1-91bc-a89568a7605e-0 |
|
/payload-job periodic-ci-openshift-openshift-tests-private-release-4.22-amd64-nightly-azure-mag-ipi-fips-f7 |
|
@huangmingxia: trigger 1 job(s) for the /payload-(with-prs|job|aggregate|job-with-prs|aggregate-with-prs) command
See details on https://pr-payload-tests.ci.openshift.org/runs/ci/2da01690-02d2-11f1-9f48-2be85117e42f-0 |
|
/payload-job periodic-ci-openshift-openshift-tests-private-release-4.22-amd64-nightly-azure-ipi-vmgenv1-mini-perm-f7 |
|
@huangmingxia: trigger 1 job(s) for the /payload-(with-prs|job|aggregate|job-with-prs|aggregate-with-prs) command
See details on https://pr-payload-tests.ci.openshift.org/runs/ci/363fe1e0-02d2-11f1-91f8-e3eae1654ee1-0 |
This commit enables the ability to specify the tls-min-version using the names of the constants in crypto/tls/common.go (i.e., VersionTLS10, VersionTLS11, VersionTLS12, VersionTLS13). Assisted-by: gemini-3-pro-preview
|
@jstuever: all tests passed! Full PR test history. Your PR dashboard. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here. |
|
/lgtm |
|
[APPROVALNOTIFIER] This PR is APPROVED. This pull-request has been approved by: dlom, jstuever. The full list of commands accepted by this bot can be found here. The pull request process is described here. Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
|
/payload-job periodic-ci-openshift-openshift-tests-private-release-4.22-amd64-nightly-aws-ipi-private-shared-vpc-phz-sts-mini-perm-f7 |
|
@huangmingxia: trigger 1 job(s) for the /payload-(with-prs|job|aggregate|job-with-prs|aggregate-with-prs) command
See details on https://pr-payload-tests.ci.openshift.org/runs/ci/4092da20-12e6-11f1-9f05-7e9ae7f33baf-0 |
|
/payload-job periodic-ci-openshift-openshift-tests-private-release-4.22-amd64-nightly-nutanix-ipi-data-disks-f28 |
|
@huangmingxia: trigger 1 job(s) for the /payload-(with-prs|job|aggregate|job-with-prs|aggregate-with-prs) command
See details on https://pr-payload-tests.ci.openshift.org/runs/ci/45f94c60-12e6-11f1-8d67-dd8381f094b5-0 |
|
/payload-job periodic-ci-openshift-openshift-tests-private-release-4.22-amd64-nightly-vsphere-ipi-amd-f7-netobserv |
|
@huangmingxia: trigger 1 job(s) for the /payload-(with-prs|job|aggregate|job-with-prs|aggregate-with-prs) command
See details on https://pr-payload-tests.ci.openshift.org/runs/ci/51a3bfa0-12e6-11f1-8e0a-29e3f9c88c85-0 |
|
/payload-job periodic-ci-openshift-openshift-tests-private-release-4.22-amd64-nightly-ibmcloud-ipi-mini-perm-f28 |
|
@huangmingxia: trigger 1 job(s) for the /payload-(with-prs|job|aggregate|job-with-prs|aggregate-with-prs) command
See details on https://pr-payload-tests.ci.openshift.org/runs/ci/5c6cac80-12e6-11f1-8d83-134b1d58034e-0 |
|
/payload-job periodic-ci-openshift-openshift-tests-private-release-4.22-amd64-nightly-azure-ipi-disc-oidc-mini-perm-f14 |
|
@huangmingxia: trigger 1 job(s) for the /payload-(with-prs|job|aggregate|job-with-prs|aggregate-with-prs) command
See details on https://pr-payload-tests.ci.openshift.org/runs/ci/69d28b60-12e6-11f1-8d5c-1a9c5f010448-0 |
|
/verified by @huangmingxia |
|
@huangmingxia: This PR has been marked as verified by
In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
This change merges in recent upstream changes to pick up tls-min-version and tls-cipher-suite flags. It also updates to using golang v1.25 to be compatible with recent upstream changes.
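
The flag handling described in the commit messages above, sketched as an added Go example; it is not code from this PR or from the upstream project. The function names `parseMinVersion` and `parseCipherSuites` are hypothetical, and rejecting any suite name outside `tls.CipherSuites()` is an assumption about how strict the parsing should be.

```go
package main

import (
	"crypto/tls"
	"fmt"
	"strings"
)

// parseMinVersion (hypothetical name) accepts "1.2"-style values and the
// constant names from crypto/tls/common.go, as the commit messages describe.
func parseMinVersion(s string) (uint16, error) {
	versions := map[string]uint16{
		"1.0": tls.VersionTLS10, "VersionTLS10": tls.VersionTLS10,
		"1.1": tls.VersionTLS11, "VersionTLS11": tls.VersionTLS11,
		"1.2": tls.VersionTLS12, "VersionTLS12": tls.VersionTLS12,
		"1.3": tls.VersionTLS13, "VersionTLS13": tls.VersionTLS13,
	}
	if v, ok := versions[s]; ok {
		return v, nil
	}
	return 0, fmt.Errorf("unsupported TLS version %q", s)
}

// parseCipherSuites (hypothetical name) maps a comma-separated list to suite IDs.
// Assumption: only names in tls.CipherSuites() are accepted, so anything listed
// in tls.InsecureCipherSuites() or unknown to crypto/tls is an error.
func parseCipherSuites(csv string) ([]uint16, error) {
	known := map[string]uint16{}
	for _, cs := range tls.CipherSuites() {
		known[cs.Name] = cs.ID
	}
	var ids []uint16 // stays nil for an empty list, which selects Go's defaults
	for _, name := range strings.Split(csv, ",") {
		if name = strings.TrimSpace(name); name == "" {
			continue
		}
		id, ok := known[name]
		if !ok {
			return nil, fmt.Errorf("unknown or insecure cipher suite %q", name)
		}
		ids = append(ids, id)
	}
	return ids, nil
}

func main() {
	v, verr := parseMinVersion("VersionTLS12")
	ids, cerr := parseCipherSuites("TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256")
	// crypto/tls ignores CipherSuites for TLS 1.3; the list only limits TLS <= 1.2.
	cfg := &tls.Config{MinVersion: v, CipherSuites: ids}
	fmt.Printf("min=%#x suites=%v errs=%v %v\n", cfg.MinVersion, cfg.CipherSuites, verr, cerr)
}
```

When the minimum version is set to 1.3, a cipher-suite list has no effect on what is negotiated, so an audit of the resulting configuration should check the version floor first.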