ServerContextConfig: set TLSv1.3 as max also for FIPS mode as default
Since https://bugzilla.redhat.com/show_bug.cgi?id=1724250 is already
fixed we can reenable TLSv1.3 for FIPS mode as a default max TLS server
version.

Signed-off-by: Zuzana Miklankova <[email protected]>
Signed-off-by: Ted Poole <[email protected]>
zmiklank authored and tedjpoole committed Sep 4, 2024
1 parent 36a50d2 commit cc45e7d
Showing 1 changed file with 1 addition and 8 deletions.
Expand Up @@ -386,14 +386,7 @@ ClientContextConfigImpl::ClientContextConfigImpl(
}

const unsigned ServerContextConfigImpl::DEFAULT_MIN_VERSION = TLS1_VERSION;

// FIPS configuration
// TLS 1.3 is not supported on systems working in FIPS mode. As a result,
// connections that require TLS 1.3 for interoperability do not function
// on a system working in FIPS mode.
// see https://bugzilla.redhat.com/show_bug.cgi?id=1724250
const unsigned ServerContextConfigImpl::DEFAULT_MAX_VERSION =
isFipsEnabled ? TLS1_2_VERSION : TLS1_3_VERSION;
const unsigned ServerContextConfigImpl::DEFAULT_MAX_VERSION = TLS1_3_VERSION;

const std::string ServerContextConfigImpl::DEFAULT_CIPHER_SUITES =
isFipsEnabled ?
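Review bot: the new unconditional `DEFAULT_MAX_VERSION = TLS1_3_VERSION` line changes the FIPS-mode server default, but the commit touches only this one file, so nothing pins the new behaviour. Please add a test that runs with FIPS mode enabled and asserts that the default server max version is TLS 1.3 and that a TLS 1.3 handshake completes. `DEFAULT_CIPHER_SUITES` directly below still branches on `isFipsEnabled`, so it is also worth confirming in that test that the FIPS branch of the defaults still yields a working configuration once TLS 1.3 is allowed. Separately, the removed comment was the only in-source pointer to bugzilla 1724250. A short comment on the new line noting that the earlier TLS 1.2 cap for FIPS was lifted because that bug is fixed would keep the reason discoverable for anyone running against a crypto library build that predates the fix.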
