DevFW-CICD/ingress-nginx-helm
6
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Merge pull request #5534 from agile6v/master

Browse source 
Add annotation ssl-prefer-server-ciphers.
This commit is contained in:
Kubernetes Prow Robot 2020-05-29 08:35:16 -07:00 committed by GitHub
commit ee02d897d5
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
9 changed files with 73 additions and 19 deletions
Download patch file Download diff file Expand all files Collapse all files

14
internal/ingress/controller/controller.go
View file

@ -1051,8 +1051,9 @@ func (n *NGINXController) createServers(data []*ingress.Ingress,
Locations: []*ingress.Location{
loc,
},
SSLPassthrough: anns.SSLPassthrough,
SSLCiphers: anns.SSLCiphers,
SSLPassthrough: anns.SSLPassthrough,
SSLCiphers: anns.SSLCipher.SSLCiphers,
SSLPreferServerCiphers: anns.SSLCipher.SSLPreferServerCiphers,
}
}
}
@ -1092,8 +1093,13 @@ func (n *NGINXController) createServers(data []*ingress.Ingress,
}
// only add SSL ciphers if the server does not have them previously configured
if servers[host].SSLCiphers == "" && anns.SSLCiphers != "" {
servers[host].SSLCiphers = anns.SSLCiphers
if servers[host].SSLCiphers == "" && anns.SSLCipher.SSLCiphers != "" {
servers[host].SSLCiphers = anns.SSLCipher.SSLCiphers
}
// only add SSLPreferServerCiphers if the server does not have them previously configured
if servers[host].SSLPreferServerCiphers == "" && anns.SSLCipher.SSLPreferServerCiphers != "" {
servers[host].SSLPreferServerCiphers = anns.SSLCipher.SSLPreferServerCiphers
}
// only add a certificate if the server does not have one previously configured