Search Options

Results per page
Sort
Preferred Languages
Advance

Results 1 - 5 of 5 for EnforceGoCompliance (0.25 sec)

  2. github.com/istio/istio

    pkg/model/fips.go 

    	for _, cipher := range ciphers {
		out[cipher] = struct{}{}
	}
	return out
}

var fipsCipherIndex = index(fipsCiphers)

// EnforceGoCompliance limits the TLS settings to the compliant values.
// This should be called as the last policy.
func EnforceGoCompliance(ctx *gotls.Config) {
	switch common_features.CompliancePolicy {
	case "":
		return
	case common_features.FIPS_140_2:
		ctx.MinVersion = gotls.VersionTLS12
    Registered: Fri Jun 14 15:00:06 UTC 2024
    - Last Modified: Thu Mar 28 22:11:02 UTC 2024
    - 2.9K bytes
    - Viewed (0)
  3. github.com/istio/istio

    pilot/pkg/security/model/authentication.go 

    			ValidationContext: &tls.CertificateValidationContext{
				MatchSubjectAltNames: util.StringToExactMatch(tlsOpts.SubjectAltNames),
			},
		}
	}
}

func EnforceGoCompliance(ctx *gotls.Config) {
	pm.EnforceGoCompliance(ctx)
}

func EnforceCompliance(ctx *tls.CommonTlsContext) {
	pm.EnforceCompliance(ctx)
    Registered: Fri Jun 14 15:00:06 UTC 2024
    - Last Modified: Thu Mar 28 22:11:02 UTC 2024
    - 9.9K bytes
    - Viewed (0)
  4. github.com/istio/istio

    pilot/pkg/bootstrap/webhook.go 

    		MinVersion:     tls.VersionTLS12,
		CipherSuites:   args.ServerOptions.TLSOptions.CipherSuits,
	}
	// Compliance for control plane validation and injection webhook server.
	sec_model.EnforceGoCompliance(tlsConfig)

	istiolog.Info("initializing secure webhook server for istiod webhooks")
	// create the https server for hosting the k8s injectionWebhook handlers.
	s.httpsMux = http.NewServeMux()
    Registered: Fri Jun 14 15:00:06 UTC 2024
    - Last Modified: Tue Jun 11 17:37:53 UTC 2024
    - 2.7K bytes
    - Viewed (0)
  5. github.com/istio/istio

    pilot/pkg/grpc/tls.go 

    		config.ServerName = "istiod.istio-system.svc"
	}
	if opts.SAN != "" {
		config.ServerName = opts.SAN
	}
	// Compliance for all gRPC clients (e.g. Citadel)..
	sec_model.EnforceGoCompliance(&config)
	transportCreds := credentials.NewTLS(&config)
	return grpc.WithTransportCredentials(transportCreds), nil
}

func getRootCertificate(rootCertFile string) (*x509.CertPool, error) {
    Registered: Fri Jun 14 15:00:06 UTC 2024
    - Last Modified: Thu Mar 28 22:11:02 UTC 2024
    - 2.9K bytes
    - Viewed (0)
  6. github.com/istio/istio

    pilot/pkg/bootstrap/server.go 

    			}
			return err
		},
		MinVersion:   tls.VersionTLS12,
		CipherSuites: args.ServerOptions.TLSOptions.CipherSuits,
	}
	// Compliance for xDS server TLS.
	sec_model.EnforceGoCompliance(cfg)

	tlsCreds := credentials.NewTLS(cfg)

	s.secureGrpcAddress = args.ServerOptions.SecureGRPCAddr

	interceptors := []grpc.UnaryServerInterceptor{
    Registered: Fri Jun 14 15:00:06 UTC 2024
    - Last Modified: Thu Jun 13 17:48:28 UTC 2024
    - 46.3K bytes
    - Viewed (0)
Back to top