Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

WIP: Support TLS1.3 #31

Open
wants to merge 2 commits into
base: master
Choose a base branch
from
Open

WIP: Support TLS1.3 #31

wants to merge 2 commits into from

Conversation

micheelengronne
Copy link
Member

Support for TLS1.3 added

@micheelengronne
Support TLS1.3
49374a0 
Support for TLS1.3 added

Signed-off-by: Michée Lengronne <[email protected]>
chris-rock
chris-rock reviewed Mar 13, 2020
View reviewed changes
controls/ssl_test.rb Outdated
@@ -162,6 +162,21 @@
end
end

control 'tls1.3' do
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I like the addition of TLS 1.3. How to do you envision the use of TLS 1.2 control and TLS 1.3 control in parallel? Either one control will fail.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That's a great question. Maybe, we should put another attribute to choose between the 2. TLS1.2 is still valid so we canno't remove it yet.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think we should test if TLS is configured properly.

  • remove control 'tls1.2'
  • create new control 'tls' that verifies that it is either TLS 1.2 or TLS 1.3
  • introduce an parameter to enforce a strict version, eg. tls_version

valid settings for tls_version could be auto (default), tls1.2 or tls1.3

What do you think?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I agree. It is semantically better to regroup it on a simple control 'tls'.

@micheelengronne
attribute to choose TLS version
2acc447 
Signed-off-by: Michée Lengronne <[email protected]>
@micheelengronne
Copy link
Member Author

Forget this MR, Inspec itself is not ready for TLS1.3. arlimus/sslshake#9

@micheelengronne micheelengronne changed the title Support TLS1.3 WIP: Support TLS1.3 Mar 13, 2020
@micheelengronne
Copy link
Member Author

For cross-reference: inspec/inspec#4956

@micheelengronne micheelengronne mentioned this pull request May 22, 2020
Open
@micheelengronne micheelengronne mentioned this pull request Jun 1, 2021
Open
@micheelengronne micheelengronne mentioned this pull request Aug 26, 2021
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@chris-rock chris-rock chris-rock left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@micheelengronne @chris-rock