From 056830daa41b7733639f2b3137c1a567c797ce68 Mon Sep 17 00:00:00 2001
From: Blaine
Date: Fri, 25 Oct 2024 15:18:12 -0400
Subject: [PATCH 1/4] Make nginx protocols and ciphers configurable in artifactory-ha
---
 stable/artifactory-ha/files/nginx-artifactory-conf.yaml | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/stable/artifactory-ha/files/nginx-artifactory-conf.yaml b/stable/artifactory-ha/files/nginx-artifactory-conf.yaml
index 89a8baa9b..82a867cae 100644
--- a/stable/artifactory-ha/files/nginx-artifactory-conf.yaml
+++ b/stable/artifactory-ha/files/nginx-artifactory-conf.yaml
@@ -1,5 +1,12 @@
 {{- if .Values.nginx.https.enabled }}
+{{- if .Values.nginx.https.protocols }}
+ssl_protocols {{ .Values.nginx.https.protocols }};
+{{- else -}}
 ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
+{{- end }}
+{{- if .Values.nginx.https.ciphers }}
+ssl_ciphers {{ .Values.nginx.https.ciphers }};
+{{- end }}
 ssl_certificate {{ .Values.nginx.persistence.mountPath }}/ssl/tls.crt;
 ssl_certificate_key {{ .Values.nginx.persistence.mountPath }}/ssl/tls.key;
 ssl_session_cache shared:SSL:1m;
@@ -95,4 +102,4 @@ location / {
 {{- end }}
 }
 }
-}
\ No newline at end of file
+}
From a44d47798b34fb573d1060e29a1adec33db86542 Mon Sep 17 00:00:00 2001
From: Blaine
Date: Fri, 25 Oct 2024 15:19:34 -0400
Subject: [PATCH 2/4] Make protocols and ciphers configurable in artifactory nginx
---
 stable/artifactory/files/nginx-artifactory-conf.yaml | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/stable/artifactory/files/nginx-artifactory-conf.yaml b/stable/artifactory/files/nginx-artifactory-conf.yaml
index 8ee5e53dd..842e265de 100644
--- a/stable/artifactory/files/nginx-artifactory-conf.yaml
+++ b/stable/artifactory/files/nginx-artifactory-conf.yaml
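Review bot: In the artifactory-ha hunk at `@@ -1,5 +1,12 @@`, `ssl_protocols {{ .Values.nginx.https.protocols }};` and `ssl_ciphers {{ .Values.nginx.https.ciphers }};` write the values into the nginx config verbatim, so a value containing `;`, a brace or a newline ends the directive and the remainder is parsed as further configuration. The values come from whoever deploys the chart, so this is about catching mistakes and keeping the rendered config reviewable rather than about an untrusted caller. A render-time guard per value, for example `{{- if regexMatch "[;{}\\n]" (toString .Values.nginx.https.ciphers) }}{{ fail "nginx.https.ciphers must not contain ; { } or newlines" }}{{- end }}`, would turn such a value into a failed install instead of a silently altered server block. The identical lines in the stable/artifactory hunk of patch 2/4 need the same treatment. The enclosing `{{- if .Values.nginx.https.enabled }}` block continues past the end of the hunk.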
@@ -1,5 +1,12 @@
 {{- if .Values.nginx.https.enabled }}
+{{- if .Values.nginx.https.protocols }}
+ssl_protocols {{ .Values.nginx.https.protocols }};
+{{- else -}}
 ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
+{{- end }}
+{{- if .Values.nginx.https.ciphers }}
+ssl_ciphers {{ .Values.nginx.https.ciphers }};
+{{- end }}
 ssl_certificate {{ .Values.nginx.persistence.mountPath }}/ssl/tls.crt;
 ssl_certificate_key {{ .Values.nginx.persistence.mountPath }}/ssl/tls.key;
 ssl_session_cache shared:SSL:1m;
@@ -95,4 +102,4 @@ location / {
 {{- end }}
 }
 }
-}
\ No newline at end of file
+}
From 23e5d8fbeb2e9c4a783f4f676e39f749c4817977 Mon Sep 17 00:00:00 2001
From: Blaine
Date: Mon, 28 Oct 2024 07:35:55 -0400
Subject: [PATCH 3/4] Remove TLS 1.0 and 1.1 from the default.
---
 stable/artifactory-ha/files/nginx-artifactory-conf.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/stable/artifactory-ha/files/nginx-artifactory-conf.yaml b/stable/artifactory-ha/files/nginx-artifactory-conf.yaml
index 82a867cae..5747dfa99 100644
--- a/stable/artifactory-ha/files/nginx-artifactory-conf.yaml
+++ b/stable/artifactory-ha/files/nginx-artifactory-conf.yaml
@@ -2,7 +2,7 @@
 {{- if .Values.nginx.https.protocols }}
 ssl_protocols {{ .Values.nginx.https.protocols }};
 {{- else -}}
-ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
+ssl_protocols TLSv1.2 TLSv1.3;
 {{- end }}
 {{- if .Values.nginx.https.ciphers }}
 ssl_ciphers {{ .Values.nginx.https.ciphers }};
From 8cbe558b2855b412d2338880b4fed53ae5683baa Mon Sep 17 00:00:00 2001
From: Blaine
Date: Mon, 28 Oct 2024 07:36:18 -0400
Subject: [PATCH 4/4] Remove TLS 1.0 and 1.1 from the default
---
 stable/artifactory/files/nginx-artifactory-conf.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/stable/artifactory/files/nginx-artifactory-conf.yaml b/stable/artifactory/files/nginx-artifactory-conf.yaml
index 842e265de..b6551e4a6 100644
--- a/stable/artifactory/files/nginx-artifactory-conf.yaml
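Review bot: `ssl_ciphers {{ .Values.nginx.https.ciphers }};` in the stable/artifactory hunk at `@@ -1,5 +1,12 @@` constrains only TLS 1.2 and earlier; nginx does not apply this list to TLS 1.3 cipher suites, which need a separate `ssl_conf_command Ciphersuites ...;` directive. An operator who sets a strict list while `TLSv1.3` stays enabled can therefore end up with more suites on offer than the value suggests. Each patch in this series changes only the template file, so the two new keys appear to be undocumented; I would add commented `protocols:` and `ciphers:` entries under `nginx.https` in values.yaml with a comment stating this limitation. The same applies to the artifactory-ha hunk in patch 1/4.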
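Review bot: With a single fallback string in the artifactory-ha hunk at `@@ -2,7 +2,7 @@`, the if/else around `ssl_protocols` can be written as one line, `ssl_protocols {{ .Values.nginx.https.protocols | default "TLSv1.2 TLSv1.3" }};`. That also removes `{{- else -}}`, whose right-hand trim makes the fallback branch render without the leading newline the configured branch gets; whether that matters depends on how this file is included, which the hunk does not show. Dropping TLS 1.0 and 1.1 changes behaviour for existing installs with legacy clients, so a CHANGELOG entry naming the `nginx.https.protocols` override would help operators who must keep them temporarily. Patch 4/4 makes the same change in stable/artifactory.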
+++ b/stable/artifactory/files/nginx-artifactory-conf.yaml
@@ -2,7 +2,7 @@
 {{- if .Values.nginx.https.protocols }}
 ssl_protocols {{ .Values.nginx.https.protocols }};
 {{- else -}}
-ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
+ssl_protocols TLSv1.2 TLSv1.3;
 {{- end }}
 {{- if .Values.nginx.https.ciphers }}
 ssl_ciphers {{ .Values.nginx.https.ciphers }};