DevFW-CICD/ingress-nginx-helm
6
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Annotations: Allow ciphers with underscores. (#13140)

Browse source 
Co-authored-by: Steven Goodstein <sgoodstein@medallia.com>
This commit is contained in:
k8s-infra-cherrypick-robot 2025-04-01 08:08:42 -07:00 committed by GitHub
parent 2c7857e63f
commit d7c00069fe
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
2 changed files with 2 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

2
internal/ingress/annotations/sslcipher/main.go
View file

@ -33,7 +33,7 @@ const (
// Should cover something like "ALL:!aNULL:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP"
// (?:@STRENGTH) is included twice so it can appear before or after @SECLEVEL=n
var regexValidSSLCipher = regexp.MustCompile(`^(?:(?:[A-Za-z0-9!:+\-])*(?:@STRENGTH)*(?:@SECLEVEL=[0-5])*(?:@STRENGTH)*)*$`)
var regexValidSSLCipher = regexp.MustCompile(`^(?:(?:[A-Za-z0-9!:+\-_])*(?:@STRENGTH)*(?:@SECLEVEL=[0-5])*(?:@STRENGTH)*)*$`)
var sslCipherAnnotations = parser.Annotation{
Group: "backend",

1
internal/ingress/annotations/sslcipher/main_test.go
View file

@ -57,6 +57,7 @@ func TestParse(t *testing.T) {
{map[string]string{annotationSSLCiphers: "ALL:!aNULL:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP", annotationSSLPreferServerCiphers: "true"}, Config{"ALL:!aNULL:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP", "on"}, false},
{map[string]string{annotationSSLCiphers: "ALL:SOMETHING:;locationXPTO"}, Config{"", ""}, true},
{map[string]string{}, Config{"", ""}, false},
{map[string]string{annotationSSLCiphers: "TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256"}, Config{"TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256", ""}, false},
{nil, Config{"", ""}, false},
}