Include SECLEVEL and STRENGTH as part of ssl-cipher list validation (#10754)

kbweave 2024-01-05 07:50:34 -07:00 committed by GitHub
parent 05d68a1512
commit 1bc745619d
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 29 additions and 1 deletions


@ -54,4 +54,27 @@ var _ = framework.DescribeAnnotation("ssl-ciphers", func() {
Expect().
Status(http.StatusOK)
})
ginkgo.It("should keep ssl ciphers", func() {
host := "ciphers.foo.com"
annotations := map[string]string{
"nginx.ingress.kubernetes.io/ssl-ciphers": "ALL:!aNULL:!EXPORT56:RC4+RSA@STRENGTH:+HIGH@SECLEVEL=0:+MEDIUM:+LOW:+SSLv2:+EXP",
"nginx.ingress.kubernetes.io/ssl-prefer-server-ciphers": "true",
}
ing := framework.NewSingleIngress(host, "/something", host, f.Namespace, framework.EchoService, 80, annotations)
f.EnsureIngress(ing)
f.WaitForNginxServer(host,
func(server string) bool {
return strings.Contains(server, "ssl_ciphers ALL:!aNULL:!EXPORT56:RC4+RSA@STRENGTH:+HIGH@SECLEVEL=0:+MEDIUM:+LOW:+SSLv2:+EXP;") &&
strings.Contains(server, "ssl_prefer_server_ciphers on;")
})
f.HTTPTestClient().
GET("/something").
WithURL(f.GetURL(framework.HTTPS)).
WithHeader("Host", host).
Expect().
Status(http.StatusOK)
})
})
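Review bot: The added `should keep ssl ciphers` case covers only the accept path of the widened `ssl-ciphers` validation, so nothing in this section pins what the validator must still reject. The `strings.Contains` check shows the annotation value is rendered verbatim into the `ssl_ciphers` directive, so a companion case should assert that a value containing `;`, a newline or `{` is refused and never reaches the rendered server block; the validator itself is in a file not shown here, so its current behaviour is inferred. The fixture also combines `@SECLEVEL=0` with `+SSLv2:+EXP:+LOW`, a deliberately weak list, and deserves a comment above the annotations map such as `// Fixture only: SECLEVEL=0 with SSLv2/EXP/LOW exercises the validator; not a recommended cipher list.` The closing HTTPS GET checks only for a 200 and does not verify which cipher was negotiated, so it adds no evidence that the cipher string took effect beyond the config match.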