go-connections icon indicating copy to clipboard operation
go-connections copied to clipboard

Published 20 hours ago verified publisher icon docker

Phase out weak ciphers?

Open cpuguy83 opened this issue 2 years ago • 5 comments

We have this comment: https://github.com/docker/go-connections/blob/58542c764a1173ea3dac965d89146c931a2946f7/tlsconfig/config.go#L43

Perhaps it is time to go ahead and make good on that comment?

cpuguy83 avatar Mar 08 '23 20:03 cpuguy83

/cc @thaJeztah @AkihiroSuda @neersighted

Related to https://github.com/moby/moby/discussions/45121

cpuguy83 avatar Mar 08 '23 20:03 cpuguy83

PTAL @corhere as well; I have no strong opinions -- if no others appear, maybe we discuss this on Thursday?

neersighted avatar Mar 08 '23 20:03 neersighted

Yeah, we still need to dig into the TLS1.3 issue as well; updating moby to the latest code in this repo breaks things (see https://github.com/moby/moby/pull/41084 and the original PR linked)

thaJeztah avatar Mar 08 '23 20:03 thaJeztah

Seems strange that we even have tlsconfig in this repo.

cpuguy83 avatar Mar 08 '23 22:03 cpuguy83

Yeah, ISTR the original reason was to have a canonical place where these were defined (as at the time it was not always trivial to decide on the ciphers, and to make sure all repositories followed the same)

thaJeztah avatar Mar 08 '23 22:03 thaJeztah