Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.
And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.
Allow TLS cipher configuration
See original GitHub issuePlease describe your use case / problem.
Currently, TLS ciphers used by Ambassador cannot be configured. Even with the envoy_override directive, it looks like only routing configuration can be override, while TLS ciphers belong to Envoy’s listener configuration.
Describe the solution you’d like Configuration alongside the TLS certificate configuration
Describe alternatives you’ve considered Another Envoy override
Additional context While the currently used cipher suite still gives a green rating with the Qualys SSL Labs test, some of the ciphers are marked weak already. Furthermore, it is always possible that a cipher may be broken so that the cipher suite needs to be reconfigured quickly.
Issue Analytics
- State:
- Created 5 years ago
- Reactions:9
- Comments:12 (4 by maintainers)
Top Results From Across the Web
Top Related Medium Post
Top Related StackOverflow Question
Troubleshoot Live Code
Top Related Reddit Thread
Top Related Hackernoon Post
Top Related Tweet
Top Related Dev.to Post
Top Related Hashnode Post
The initial request states that it does not work with
envoy_override, so my understanding is that it wasn’t a proposal, but a request.The ability to remove weak cipher suites and older protocols is something we really need
The situation has improved a bit (TLS version can be specified since version 0.61.0, also providing an indirect lever for set of cipher suites), but cipher suites themselves are still not configurable. I continue to think this is an important issue.