DevFW-CICD/ingress-nginx-helm
6
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Deploy GitHub Pages

Browse source
This commit is contained in:
k8s-ci-robot 2023-10-03 13:57:03 +00:00
parent 9bfc11f90e
commit 83b09f900d
4 changed files with 57 additions and 57 deletions
Download patch file Download diff file Expand all files Collapse all files

2
user-guide/tls/index.html
View file

@ -13,7 +13,7 @@
<span class="p p-Indicator">-</span> <span class="l l-Scalar l-Scalar-Plain">ingress-demo.example.com</span>
<span class=nt>secretName</span><span class=p>:</span> <span class="l l-Scalar l-Scalar-Plain">ingress-demo-tls</span>
<span class="p p-Indicator">[</span><span class=nv>...</span><span class="p p-Indicator">]</span>
</code></pre></div> <h2 id=default-tls-version-and-ciphers>Default TLS Version and Ciphers<a class=headerlink href=#default-tls-version-and-ciphers title="Permanent link"></a></h2> <p>To provide the most secure baseline configuration possible,</p> <p>ingress-nginx defaults to using TLS 1.2 and 1.3 only, with a <a href=../nginx-configuration/configmap/#ssl-ciphers>secure set of TLS ciphers</a>.</p> <h3 id=legacy-tls>Legacy TLS<a class=headerlink href=#legacy-tls title="Permanent link"></a></h3> <p>The default configuration, though secure, does not support some older browsers and operating systems.</p> <p>For instance, TLS 1.1+ is only enabled by default from Android 5.0 on. At the time of writing, May 2018, <a href=https://developer.android.com/about/dashboards/#Platform>approximately 15% of Android devices</a> are not compatible with ingress-nginx's default configuration.</p> <p>To change this default behavior, use a <a href=../nginx-configuration/configmap/ >ConfigMap</a>.</p> <p>A sample ConfigMap fragment to allow these older clients to connect could look something like the following (generated using the Mozilla SSL Configuration Generator)<a href="https://ssl-config.mozilla.org/#server=nginx&config=old">mozilla-ssl-config-old</a>:</p> <div class=highlight><pre><span></span><code>kind: ConfigMap
</code></pre></div> <h2 id=default-tls-version-and-ciphers>Default TLS Version and Ciphers<a class=headerlink href=#default-tls-version-and-ciphers title="Permanent link"></a></h2> <p>To provide the most secure baseline configuration possible,</p> <p>ingress-nginx defaults to using TLS 1.2 and 1.3 only, with a <a href=../nginx-configuration/configmap/#ssl-ciphers>secure set of TLS ciphers</a>.</p> <h3 id=legacy-tls>Legacy TLS<a class=headerlink href=#legacy-tls title="Permanent link"></a></h3> <div class="admonition warning"> <p class=admonition-title>Warning</p> <p>TLSv1, TLSv1.1 are not supported in ingress-nginx v1.6.0 and above.</p> </div> <p>The default configuration, though secure, does not support some older browsers and operating systems.</p> <p>For instance, TLS 1.1+ is only enabled by default from Android 5.0 on. At the time of writing, May 2018, <a href=https://developer.android.com/about/dashboards/#Platform>approximately 15% of Android devices</a> are not compatible with ingress-nginx's default configuration.</p> <p>To change this default behavior, use a <a href=../nginx-configuration/configmap/ >ConfigMap</a>.</p> <p>A sample ConfigMap fragment to allow these older clients to connect could look something like the following (generated using the Mozilla SSL Configuration Generator)<a href="https://ssl-config.mozilla.org/#server=nginx&config=old">mozilla-ssl-config-old</a>:</p> <div class=highlight><pre><span></span><code>kind: ConfigMap
apiVersion: v1
metadata:
name: nginx-config