Include SECLEVEL and STRENGTH as part of ssl-cipher list validation (#10754)

kbweave 2024-01-05 07:50:34 -07:00 committed by GitHub
parent 05d68a1512
commit 1bc745619d
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 29 additions and 1 deletions


@ -32,7 +32,8 @@ const (
)
// Should cover something like "ALL:!aNULL:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP"
var regexValidSSLCipher = regexp.MustCompile(`^[A-Za-z0-9!:+\-]*$`)
// (?:@STRENGTH) is included twice so it can appear before or after @SECLEVEL=n
var regexValidSSLCipher = regexp.MustCompile(`^(?:(?:[A-Za-z0-9!:+\-])*(?:@STRENGTH)*(?:@SECLEVEL=[0-5])*(?:@STRENGTH)*)*$`)
var sslCipherAnnotations = parser.Annotation{
Group: "backend",