Restrict cipher suites and TLS protocol versions

Open • pantaoran opened this issue 1 year ago • 2 comments

Feature or Problem Description

When running Apicurio in my enterprise environment, it needs to pass a pentest. They will check that no SSL/TLS versions are used which are considered insecure, so anything below TLSv1.2 is out.

Proposed Solution

I would like to have the option to configure Apicurio so that only TLSv1.2 and TLSv1.3 are offered to clients connecting to either API or GUI. Additionally, I would like to restrict the available cipher suites, analogously to the Kafka setting ssl.cipher.suites.

I didn't find anything in the docs, so I assume that this is not possible today, but I would be happy to be proven wrong :-)

pantaoran, Nov 21 '23 14:11