Add tls min and max version to serversTransport in K8s provider.

2025-08-06 22:57:14 +02:00 · 2025-07-31 18:07:49 +02:00 · 2025-07-31 18:07:49 +02:00 · 46979796db
commit 46979796db
parent 7c77aeb386
1 changed files with 10 additions and 14 deletions
--- a/pkg/server/service/transport_test.go
+++ b/pkg/server/service/transport_test.go
@ -118,7 +118,8 @@ PtvuNc5EImfSkuPBYLBslNxtjbBvAYgacEdY+gRhn2TeIUApnND58lCWsKbNHLFZ
 ajIPbTY+Fe9OTOFTN48ujXNn
 -----END PRIVATE KEY-----`)

-var ciphers = []string{"TLS_RSA_WITH_AES_128_CBC_SHA256", "TLS_RSA_WITH_AES_128_CBC_SHA256"}
+var cipherSuite = []uint16{tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256}
+var cipherSuiteName = []string{"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"}

 func TestKeepConnectionWhenSameConfiguration(t *testing.T) {
 	srv := httptest.NewUnstartedServer(http.HandlerFunc(func(rw http.ResponseWriter, req *http.Request) {
@ -193,25 +194,20 @@ func TestCipherSuites(t *testing.T) {
 	cert, err := tls.X509KeyPair(LocalhostCert, LocalhostKey)
 	require.NoError(t, err)

-	srv.TLS = &tls.Config{Certificates: []tls.Certificate{cert}}
+	srv.TLS = &tls.Config{
+		Certificates: []tls.Certificate{cert},
+		CipherSuites: cipherSuite,
+		MaxVersion:   tls.VersionTLS12,
+	}
 	srv.StartTLS()

 	transportManager := NewTransportManager(nil)

 	dynamicConf := map[string]*dynamic.ServersTransport{
 		"test": {
-			ServerName: "example.com",
-			// For TLS
-			RootCAs: []types.FileOrContent{types.FileOrContent(LocalhostCert)},
-
-			// For mTLS
-			Certificates: traefiktls.Certificates{
-				traefiktls.Certificate{
-					CertFile: types.FileOrContent(mTLSCert),
-					KeyFile:  types.FileOrContent(mTLSKey),
-				},
-			},
-			CipherSuites: ciphers,
+			ServerName:   "example.com",
+			RootCAs:      []types.FileOrContent{types.FileOrContent(LocalhostCert)},
+			CipherSuites: cipherSuiteName,
 		},
 	}