Skip to content

feat(webhook): add TLS flags and remove hardcoded curves/ciphers#2234

Open
anchi205 wants to merge 1 commit into
shipwright-io:mainfrom
anchi205:webhook-tls-flags
Open

feat(webhook): add TLS flags and remove hardcoded curves/ciphers#2234
anchi205 wants to merge 1 commit into
shipwright-io:mainfrom
anchi205:webhook-tls-flags

Conversation

@anchi205

@anchi205 anchi205 commented Jun 19, 2026

Copy link
Copy Markdown
Member

Changes

Remove pinned CurvePreferences/CipherSuites so Go defaults (incl. ML-KEM) apply, keep TLS 1.2 minimum by default, and add --tls-min-version and --tls-cipher-suites via a shared tlsconfig helper with handshake tests.

Implements SHIP-0047

/kind feature

Submitter Checklist

  • Includes tests if functionality changed/was added
  • Includes docs if changes are user-facing
  • Kind label has been set
  • Release notes block has been filled in, or marked NONE

Release Notes

NONE

@anchi205
feat(webhook): add TLS flags and remove hardcoded curves/ciphers
f5540a0 
Remove pinned CurvePreferences/CipherSuites so Go defaults (incl. ML-KEM)
apply, keep TLS 1.2 minimum by default, and add --tls-min-version and
--tls-cipher-suites via a shared tlsconfig helper with handshake tests.

Signed-off-by: Anchita Borah <anborah@redhat.com>
@openshift-ci openshift-ci Bot added the release-note-none Label for when a PR does not need a release note label Jun 19, 2026
@pull-request-size pull-request-size Bot added the size/L Denotes a PR that changes 100-499 lines, ignoring generated files. label Jun 19, 2026
@openshift-ci openshift-ci Bot added the kind/feature Categorizes issue or PR as related to a new feature. label Jun 19, 2026
@openshift-ci openshift-ci Bot requested review from HeavyWombat and qu1queee June 19, 2026 02:57
@openshift-ci

openshift-ci Bot commented Jun 19, 2026

Copy link
Copy Markdown
Contributor

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please assign qu1queee for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@HeavyWombat HeavyWombat Awaiting requested review from HeavyWombat
@qu1queee qu1queee Awaiting requested review from qu1queee

Assignees

No one assigned

Labels

kind/feature Categorizes issue or PR as related to a new feature. release-note-none Label for when a PR does not need a release note size/L Denotes a PR that changes 100-499 lines, ignoring generated files.

Projects

Issues
Status: No status

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@anchi205 @shipwright-ci-bot