removed tlsv1 & tlsv1.1 (#11408)

Co-authored-by: longwuyuan <longwuyuan@gmail.com>
2024-06-02 11:52:07 -07:00 · 2024-06-02 11:52:07 -07:00 · b7f6f93334
commit b7f6f93334
parent 18cfd1daac
7 changed files with 63363 additions and 60285 deletions
--- a/internal/ingress/annotations/proxyssl/main.go
+++ b/internal/ingress/annotations/proxyssl/main.go
@ -32,7 +32,7 @@ import (

 const (
 	defaultProxySSLCiphers     = "DEFAULT"
-	defaultProxySSLProtocols   = "TLSv1 TLSv1.1 TLSv1.2"
+	defaultProxySSLProtocols   = "TLSv1.2"
 	defaultProxySSLVerify      = "off"
 	defaultProxySSLVerifyDepth = 1
 	defaultProxySSLServerName  = "off"
@ -40,7 +40,7 @@ const (

 var (
 	proxySSLOnOffRegex    = regexp.MustCompile(`^(on|off)$`)
-	proxySSLProtocolRegex = regexp.MustCompile(`^(SSLv2|SSLv3|TLSv1|TLSv1\.1|TLSv1\.2|TLSv1\.3| )*$`)
+	proxySSLProtocolRegex = regexp.MustCompile(`^(TLSv1\.2|TLSv1\.3| )*$`)
 	proxySSLCiphersRegex  = regexp.MustCompile(`^[A-Za-z0-9\+:\_\-!]*$`)
 )

--- a/internal/ingress/annotations/proxyssl/main_test.go
+++ b/internal/ingress/annotations/proxyssl/main_test.go
@ -32,7 +32,7 @@ const (
 	proxySslCiphers   = "HIGH:-SHA"
 	off               = "off"
 	sslServerName     = "w00t"
-	defaultProtocol   = "SSLv2 TLSv1 TLSv1.2 TLSv1.3"
+	defaultProtocol   = "TLSv1.2 TLSv1.3"
 )

 func buildIngress() *networking.Ingress {
@ -103,7 +103,7 @@ func TestAnnotations(t *testing.T) {
 	data[parser.GetAnnotationWithPrefix(proxySSLSecretAnnotation)] = defaultDemoSecret
 	data[parser.GetAnnotationWithPrefix("proxy-ssl-ciphers")] = proxySslCiphers
 	data[parser.GetAnnotationWithPrefix("proxy-ssl-name")] = "$host"
-	data[parser.GetAnnotationWithPrefix("proxy-ssl-protocols")] = "TLSv1.3 SSLv2 TLSv1   TLSv1.2"
+	data[parser.GetAnnotationWithPrefix("proxy-ssl-protocols")] = "TLSv1.3 TLSv1.2"
 	data[parser.GetAnnotationWithPrefix("proxy-ssl-server-name")] = "on"
 	data[parser.GetAnnotationWithPrefix("proxy-ssl-session-reuse")] = off
 	data[parser.GetAnnotationWithPrefix("proxy-ssl-verify")] = "on"