Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

refactor: replace go-connections tls config with stdlib #105

Open
wants to merge 3 commits into
base: main
Choose a base branch
from
Open

refactor: replace go-connections tls config with stdlib #105

wants to merge 3 commits into from

Conversation

kruskall
Copy link
Member

drop docker/go-connections dependency
use crypto/tls config
ignore unused options and keep default ciphers and tls version

@kruskall
refactor: replace go-connections tls config with stdlib
923f86b 
drop docker/go-connections dependency
use crypto/tls config
ignore unused options and keep default ciphers and tls version
@kruskall
lint: update notice
4bafa3c
@kruskall kruskall requested a review from a team as a code owner August 10, 2024 19:19
@elasticmachine
Copy link
Collaborator

💚 Build Succeeded

History

@pierrehilbert pierrehilbert added the Team:Elastic-Agent-Data-Plane Label for the Agent Data Plane team label Aug 11, 2024
belimawr
belimawr reviewed Aug 13, 2024
View reviewed changes
docker/watcher.go
if cfg != nil {
tlsConfig := &tls.Config{
// Prefer TLS1.2 as the client minimum
MinVersion: tls.VersionTLS12,
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

[Question]
That means TLS 1.0 and 1.1 are not accepted any more, right?

That looks like a breaking change because on our docs we state supporting TLS 1.0 and 1.1: https://www.elastic.co/guide/en/beats/filebeat/current/configuration-ssl.html#supported-protocols

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm using the same settings as the connections lib to avoid breaking changes. The go-connections lib sets tls12 as the minimum supported version by default: https:/docker/go-connections/blob/5df8d2b30ca886f2d94740ce3c54abd58a5bb2c9/tlsconfig/config.go#L80 and it has been doing that for a while

Afaics It doesn't look like tls 1.0/1.1 was ever supported here.

leehinman
leehinman reviewed Aug 21, 2024
View reviewed changes
Copy link
Contributor

@leehinman leehinman left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

unless we can switch everywhere I'd rather keep tlsconfig, that way the tls configuration experience (and errors) are the same everywhere we require the input from the user.

@kruskall
Copy link
Member Author

unless we can switch everywhere I'd rather keep tlsconfig, that way the tls configuration experience (and errors) are the same everywhere we require the input from the user.

Thanks for the feedback!

The reason for this PR is so that we can drop go-connections from beats but I don't have a strong opinion on it! 🙂

@ycombinator
Copy link
Contributor

@kruskall Looking at the conversation between you and @leehinman, should this PR be closed unmerged?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@belimawr belimawr belimawr left review comments

@leehinman leehinman leehinman left review comments

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
Team:Elastic-Agent-Data-Plane Label for the Agent Data Plane team
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
6 participants
@kruskall @elasticmachine @ycombinator @belimawr @leehinman @pierrehilbert