DevFW-CICD/ingress-nginx-helm
6
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Add ssl_reject_handshake to defaul server (#7977)

Browse source 
* Add ssl_reject_handshake to defaul server

* Added SSLRejectHandshake to NewDefault

* Added documentation
This commit is contained in:
Ansil H 2021-11-29 22:03:23 +05:30 committed by GitHub
parent ea1099abc9
commit a03895d91e
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 19 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

9
docs/user-guide/nginx-configuration/configmap.md
View file

@ -208,6 +208,7 @@ The following table shows a configuration option's name, type, and the default v
|[global-rate-limit-memcached-pool-size](#global-rate-limit)|int|50|
|[global-rate-limit-status-code](#global-rate-limit)|int|429|
|[service-upstream](#service-upstream)|bool|"false"|
|[ssl-reject-handshake](#ssl-reject-handshake)|bool|"false"|
## add-headers
@ -1263,3 +1264,11 @@ that ingress-nginx includes. Refer to the link to learn more about `lua-resty-gl
Set if the service's Cluster IP and port should be used instead of a list of all endpoints. This can be overwritten by an annotation on an Ingress rule.
_**default:**_ "false"
## ssl-reject-handshake
Set to reject SSL handshake to an unknown virtualhost. This paramter helps to mitigate the fingerprinting using default certificate of ingress.
_**default:**_ "false"
_References:_
[https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_reject_handshake](https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_reject_handshake)