Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Allow control over TLS version and ciphers for docker-registry #13258

Merged
merged 1 commit into from
Mar 7, 2017
Merged

Allow control over TLS version and ciphers for docker-registry #13258

merged 1 commit into from
Mar 7, 2017

Conversation

liggitt
Copy link
Contributor

@liggitt liggitt commented Mar 6, 2017
edited
Loading

Allows envvar-based control over tls version and ciphers for docker registry via envvars

REGISTRY_HTTP_TLS_MINVERSION=VersionTLS10
REGISTRY_HTTP_TLS_CIPHERSUITES=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,...

Valid tls versions are "VersionTLS10", "VersionTLS11", "VersionTLS12"

Valid cipher suites are https://golang.org/pkg/crypto/tls/#pkg-constants for the golang version used to build origin, taken from descriptions of http://www.iana.org/assignments/tls-parameters/tls-parameters.xml#tls-parameters-4

I'm not sure whether we want to try to add config file options for these... the stanza for TLS options is part of docker standard config

follow up to #13167 for the docker registry

@mfojtik
Copy link
Contributor

mfojtik commented Mar 6, 2017

@miminar @legionus FYI

@liggitt liggitt added this to the 1.5.0 milestone Mar 6, 2017
@liggitt
Copy link
Contributor Author

liggitt commented Mar 6, 2017

[test]

@liggitt liggitt mentioned this pull request Mar 6, 2017
Merged
@liggitt liggitt removed this from the 1.5.0 milestone Mar 6, 2017
@openshift-bot
Copy link
Contributor

Evaluated for origin test up to d2ab74c

@openshift-bot
Copy link
Contributor

continuous-integration/openshift-jenkins/test SUCCESS (https://ci.openshift.redhat.com/jenkins/job/test_pull_requests_origin_future/873/) (Base Commit: b4652ac)

miminar
miminar approved these changes Mar 7, 2017
View reviewed changes
Copy link

@miminar miminar left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

pkg/cmd/dockerregistry/dockerregistry.go
@@ -36,6 +36,8 @@ import (
_ "github.com/docker/distribution/registry/storage/driver/s3-aws"
_ "github.com/docker/distribution/registry/storage/driver/swift"

"strings"
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This should go way up.

@mfojtik
Copy link
Contributor

mfojtik commented Mar 7, 2017

[merge]

@miminar agreed the strings import is ok to fix later.

@openshift-bot
Copy link
Contributor

Evaluated for origin merge up to d2ab74c

@openshift-bot
Copy link
Contributor

openshift-bot commented Mar 7, 2017
edited
Loading

continuous-integration/openshift-jenkins/merge SUCCESS (https://ci.openshift.redhat.com/jenkins/job/test_pull_requests_origin_future/873/) (Base Commit: 11034b2) (Image: devenv-rhel7_6047)

@openshift-bot openshift-bot merged commit 892a124 into openshift:master Mar 7, 2017
@liggitt liggitt deleted the docker-registry-tls branch March 9, 2017 02:45
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@miminar miminar miminar approved these changes

Assignees

@mfojtik mfojtik

@miminar miminar

@legionus legionus

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@liggitt @mfojtik @openshift-bot @miminar @legionus