Release image/4.21.24: Remove AES128 TLS ciphers for TLS 1.2 by default (#2528) · wireapp/wire-server

image/4.21.24
cb42072
Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.

GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode
Compare

Choose a tag to compare

Loading

View all tags

image/4.21.24: Remove AES128 TLS ciphers for TLS 1.2 by default (#2528)

image/4.21.24
cb42072
Compare

Choose a tag to compare

Loading

View all tags
Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.

GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode

jschaul tagged this 09 Aug 09:43

Removes ECDHE-ECDSA-AES128-GCM-SHA256 and ECDHE-RSA-AES128-GCM-SHA256 ciphers from:
- from ingress traffic getting to nginz; 
- from ingress-traffic getting to nginz-cannon; 
- and if applicable (not installed by default) backoffice (which was using a larger list of ciphers). 
- removes these ciphers from being used/allowed in server-to-server federation exchanges.

Also removes `TLS_CHACHA20_POLY1305_SHA256` in case TLS 1.3 is active.

Co-authored-by: Sebastian Willenborg <[email protected]>

Assets 2

Provide feedback

Saved searches

Use saved searches to filter your results more quickly