Loading...

XML

Word

Printable

Details

Type: Feature
Resolution: Unresolved
Priority: Normal
Fix Version/s: None
Affects Version/s: None
Component/s: config-tool
Labels:
- 3.12-candidate
- CEE.neXT
- quay
- quay-operator
- triaged
- xe.next

Blocked:
False
Blocked Reason:
None
Ready:
False
Color Status:
Not Selected
Hierarchy Progress:
0
Hierarchy Progress Bar:

0% 0%

RICE Score:
0

SFDC Cases Links:
SFDC Cases Counter:

Description

Problem :

If SSL_PROTOCOLS was manually set to TLSv1.2 in the past, in the latest versions of quay, config-editor will not add TLSv1.3 unless old configurations are changed manually.
Quay config-editor tool does not add ssl related configurations to config.yaml or add latest available values to those configuration fields.

$ grep SSL config.yaml 
$ grep -i SSL config.yaml 
$ grep -i TLS config.yaml 
EXTERNAL_TLS_TERMINATION: true
MAIL_USE_TLS: false
REPO_MIRROR_TLS_VERIFY: true

Expectations:

Set default value of SSL_PROTOCOL to latest protocol available. Eg: TLSv1.3
Option to set SSL_PROTOCOL from quay-config-editor. Give customer an option to use TLSv1.2 or TLSv1.3
Editor-tool should add SSL configurations + default values to its generated config.yaml file
Have a warning message and inform the user that TLSv1.3 latest protocol is not being used and they can add it.

Attachments

Activity

People

Assignee:: Unassigned

Reporter:: Sayali Bhavsar

Votes:: 0 Vote for this issue

Watchers:: 6 Start watching this issue

Dates

Created:: 2023/03/22 4:38 AM

Updated:: 2024/03/08 9:09 AM