docker-registry-proxy

TLSv1.3 support

Open cyd01 opened this issue 3 years ago • 2 comments

I use a private docker repository that uses the TLS v1.3 protocol only (for security purposes). Prior versions were disabled.
It seems version v1.3 is not enabled in nginx:

2022/01/03 08:01:53 [error] 79#79: *37 SSL_do_handshake() failed (SSL: error:1409442E:SSL routines:ssl3_read_bytes:tlsv1 alert protocol version:SSL alert number 70) while SSL handshaking to upstream, client: 127.0.0.1, server: proxy_caching_, request: "GET /v2/mocks/apisprout/manifests/latest HTTP/1.1", upstream: "https://192.168.0.16:443/v2/mocks/apisprout/manifests/latest", host: "my.repos.io"
{"access_time":"03/Jan/2022:08:01:53 +0000","upstream_cache_status":"MISS","method":"GET","uri":"/v2/mocks/apisprout/manifests/latest","request_type":"manifest-default","status":"502","bytes_sent":"157","upstream_response_time":"0.044","host":"my.repos.io","proxy_host":"my.repos.io","upstream":"192.168.0.16:443"}

How can I enable it?

cyd01 Jan 03 '22 09:01

Good question. You'd need to search on nginx, on which this project is based. This project's base image builds nginx from source, so whatever's required for support should be achievable, and PRs are welcome! I commend you on your TLSv1.3-only posture.

rpardini Jan 05 '22 23:01

Thanks for answering. Here is the pull request: https://github.com/rpardini/docker-registry-proxy/pull/124

cyd01 Jan 06 '22 12:01
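
A log-triage sketch for the failure reported in this issue, added here as an example (it is not part of the thread or of the project's code): it reads nginx error-log and JSON access-log lines, maps the TLS alert number to its RFC 8446 name, and lists upstreams that rejected the proxy's offered protocol versions (alert 70, `protocol_version`) while clients received a 502. The function names and the last two sample lines are constructed for illustration.

```python
import json
import re
from collections import Counter

# TLS alert codes (RFC 8446, section 6) that commonly show up in handshake triage.
TLS_ALERTS = {40: "handshake_failure", 42: "bad_certificate", 48: "unknown_ca",
              70: "protocol_version", 71: "insufficient_security"}

# nginx error-log entry for a failed TLS handshake from the proxy to an upstream.
HANDSHAKE_RE = re.compile(
    r"SSL_do_handshake\(\) failed .*?SSL alert number (?P<alert>\d+)\)"
    r' while SSL handshaking to upstream.*?upstream: "https://(?P<upstream>[^/"]+)')

def triage(lines):
    """Count TLS alerts per (upstream, alert name) and 502 responses per upstream."""
    alerts, bad_gateway = Counter(), Counter()
    for line in lines:
        line = line.strip()
        if line.startswith("{"):  # JSON access-log entry
            try:
                entry = json.loads(line)
            except json.JSONDecodeError:
                continue  # truncated or interleaved line
            if entry.get("status") == "502":
                bad_gateway[entry.get("upstream", "?")] += 1
            continue
        m = HANDSHAKE_RE.search(line)
        if m:
            code = int(m.group("alert"))
            alerts[(m.group("upstream"), TLS_ALERTS.get(code, f"alert_{code}"))] += 1
    return alerts, bad_gateway

def version_mismatches(lines):
    """Upstreams that sent protocol_version (70) and for which the proxy returned 502."""
    alerts, bad_gateway = triage(lines)
    return sorted(up for (up, name) in alerts
                  if name == "protocol_version" and bad_gateway[up] > 0)

# First two entries are the log lines quoted in the issue; the last two are constructed.
SAMPLE = [
    '2022/01/03 08:01:53 [error] 79#79: *37 SSL_do_handshake() failed (SSL: error:1409442E:SSL routines:ssl3_read_bytes:tlsv1 alert protocol version:SSL alert number 70) while SSL handshaking to upstream, client: 127.0.0.1, server: proxy_caching_, request: "GET /v2/mocks/apisprout/manifests/latest HTTP/1.1", upstream: "https://192.168.0.16:443/v2/mocks/apisprout/manifests/latest", host: "my.repos.io"',
    '{"access_time":"03/Jan/2022:08:01:53 +0000","upstream_cache_status":"MISS","method":"GET","uri":"/v2/mocks/apisprout/manifests/latest","request_type":"manifest-default","status":"502","bytes_sent":"157","upstream_response_time":"0.044","host":"my.repos.io","proxy_host":"my.repos.io","upstream":"192.168.0.16:443"}',
    '2022/01/03 08:02:10 [error] 79#79: *41 SSL_do_handshake() failed (SSL: error:14094418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca:SSL alert number 48) while SSL handshaking to upstream, client: 127.0.0.1, server: proxy_caching_, request: "GET /v2/ HTTP/1.1", upstream: "https://192.168.0.17:443/v2/", host: "other.example"',
    '{"access_time":"03/Jan/2022:08:02:10 +0000","method":"GET","uri":"/v2/","status":"502","host":"other.example","upstream":"192.168.0.17:443"}',
]

if __name__ == "__main__":
    print(version_mismatches(SAMPLE))
```

Separating alert 70 from certificate alerts such as 48 matters because the remedies differ: the former is a protocol-version mismatch between proxy and upstream, the latter a trust-store problem.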