the-littlest-jupyterhub
Specify ciphersuites in TLS config
We should probably explicitly specify our ciphersuites in traefik config.
Just as an FYI for anyone that may come across a similar issue, our VM team flagged us on use of an insecure cipher suite related to CVE-2016-2183 even after setting the minimum TLS version to v1.2. In our case we specified several suites in the traefik.toml config as a fix, e.g.
```toml
minVersion = "VersionTLS12"
cipherSuites = [
  "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
  "TLS_RSA_WITH_AES_128_GCM_SHA256",
  "TLS_RSA_WITH_AES_256_GCM_SHA384",
  "TLS_RSA_WITH_AES_128_CBC_SHA",
  "TLS_RSA_WITH_AES_256_CBC_SHA"
]
```
Originally posted by @aye-aye-aye in https://github.com/jupyterhub/the-littlest-jupyterhub/issues/488#issuecomment-587454858
This kind of change should probably be in sync with the equivalent logic for Traefik in z2jh.
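Added example, not code from TLJH, z2jh or Traefik: Traefik's `cipherSuites` values are Go `crypto/tls` suite names, so a configured list can be checked offline for misspelled names and for 3DES suites, the cipher that CVE-2016-2183 concerns. `PostedSuites`, `Finding` and `AuditSuites` are names invented for this example, and the second list in `main` is constructed sample input.

```go
package main

import (
	"crypto/tls"
	"fmt"
	"strings"
)

// PostedSuites is the cipherSuites list from the comment quoted above.
var PostedSuites = []string{
	"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", "TLS_RSA_WITH_AES_128_GCM_SHA256",
	"TLS_RSA_WITH_AES_256_GCM_SHA384", "TLS_RSA_WITH_AES_128_CBC_SHA",
	"TLS_RSA_WITH_AES_256_CBC_SHA",
}

// Finding is one problem with an entry in a cipherSuites list.
type Finding struct{ Suite, Reason string }

// knownSuites returns every suite name this Go toolchain's crypto/tls knows.
func knownSuites() map[string]bool {
	known := map[string]bool{}
	for _, s := range append(tls.CipherSuites(), tls.InsecureCipherSuites()...) {
		known[s.Name] = true
	}
	return known
}

// AuditSuites flags names crypto/tls does not recognise (typos) and
// 3DES suites, the 64-bit block cipher that CVE-2016-2183 concerns.
func AuditSuites(configured []string) []Finding {
	known := knownSuites()
	var findings []Finding
	for _, name := range configured {
		switch {
		case !known[name]:
			findings = append(findings, Finding{name, "unknown suite name"})
		case strings.Contains(name, "3DES"):
			findings = append(findings, Finding{name, "3DES (CVE-2016-2183)"})
		}
	}
	return findings
}

func main() {
	// Constructed sample: one 3DES suite and one misspelled name (SHA265).
	sample := append([]string{"TLS_RSA_WITH_3DES_EDE_CBC_SHA", "TLS_RSA_WITH_AES_128_GCM_SHA265"}, PostedSuites...)
	fmt.Println("posted list findings:", AuditSuites(PostedSuites))
	for _, f := range AuditSuites(sample) {
		fmt.Printf("%s: %s\n", f.Suite, f.Reason)
	}
}
```

The name check uses the `crypto/tls` of the toolchain that builds this program, which may differ from the Go version a given Traefik release was built with.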