You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Is your feature request related to a problem? Please describe.
We would like to run harbor with only TLSv1.3 enabled for inbound traffic to increase security in our infrastructure.
Describe the solution you'd like
By default harbor allows TLSv1.2 and TLSv1.3 for inbound traffic in its nginx configuration:
One can restrict the used ciphers by setting https.strong_ssl_ciphers but not the the protocols.
Describe the main design/architecture of your solution
A new configuration option in the harbor.yml.tmpl would be needed allowing users to decide which protocols to enable - defaulting to the current versions (TLSv1.2 and TLSv1.3). This flag would probably need to work together with strong_ssl_ciphers because the ciphers can not be used in combination with TLSv1.3 (this is an assumption, needs to be confirmed).
Describe the development plan you've considered
I can create a pull request that adds this configuration option.
The text was updated successfully, but these errors were encountered:
Is your feature request related to a problem? Please describe.
We would like to run harbor with only TLSv1.3 enabled for inbound traffic to increase security in our infrastructure.
Describe the solution you'd like
By default harbor allows TLSv1.2 and TLSv1.3 for inbound traffic in its nginx configuration:
harbor/make/photon/prepare/templates/nginx/nginx.https.conf.jinja
Lines 65 to 72 in 02b3561
One can restrict the used ciphers by setting
https.strong_ssl_ciphers
but not the the protocols.Describe the main design/architecture of your solution
A new configuration option in the
harbor.yml.tmpl
would be needed allowing users to decide which protocols to enable - defaulting to the current versions (TLSv1.2 and TLSv1.3). This flag would probably need to work together withstrong_ssl_ciphers
because the ciphers can not be used in combination with TLSv1.3 (this is an assumption, needs to be confirmed).Describe the development plan you've considered
I can create a pull request that adds this configuration option.
The text was updated successfully, but these errors were encountered: