Skip to content

WIP: Support TLS1.3#31

Open
micheelengronne wants to merge 2 commits intodev-sec:masterfrom
micheelengronne:patch-4
Open

WIP: Support TLS1.3#31
micheelengronne wants to merge 2 commits intodev-sec:masterfrom
micheelengronne:patch-4

Conversation

@micheelengronne
Copy link
Member

@micheelengronne micheelengronne commented Mar 13, 2020

Support for TLS1.3 added

@micheelengronne
Support TLS1.3
49374a0 
Support for TLS1.3 added

Signed-off-by: Michée Lengronne <michee.lengronne@coppint.com>
chris-rock
chris-rock reviewed Mar 13, 2020
View reviewed changes
controls/ssl_test.rb Outdated
end
end

control 'tls1.3' do
Copy link
Member

@chris-rock chris-rock Mar 13, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I like the addition of TLS 1.3. How to do you envision the use of TLS 1.2 control and TLS 1.3 control in parallel? Either one control will fail.

Copy link
Member Author

@micheelengronne micheelengronne Mar 13, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That's a great question. Maybe, we should put another attribute to choose between the 2. TLS1.2 is still valid so we canno't remove it yet.

Copy link
Member

@chris-rock chris-rock Mar 26, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think we should test if TLS is configured properly.

  • remove control 'tls1.2'
  • create new control 'tls' that verifies that it is either TLS 1.2 or TLS 1.3
  • introduce an parameter to enforce a strict version, eg. tls_version

valid settings for tls_version could be auto (default), tls1.2 or tls1.3

What do you think?

Copy link
Member Author

@micheelengronne micheelengronne Mar 26, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I agree. It is semantically better to regroup it on a simple control 'tls'.

@micheelengronne
attribute to choose TLS version
2acc447 
Signed-off-by: Michée Lengronne <michee.lengronne@coppint.com>
@micheelengronne
Copy link
Member Author

micheelengronne commented Mar 13, 2020

Forget this MR, Inspec itself is not ready for TLS1.3. arlimus/sslshake#9

@micheelengronne micheelengronne changed the title Support TLS1.3 WIP: Support TLS1.3 Mar 13, 2020
@micheelengronne
Copy link
Member Author

micheelengronne commented Mar 13, 2020

For cross-reference: inspec/inspec#4956

@micheelengronne micheelengronne mentioned this pull request May 22, 2020
Open
@micheelengronne micheelengronne mentioned this pull request Jun 1, 2021
Open
@micheelengronne micheelengronne mentioned this pull request Aug 26, 2021
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@chris-rock chris-rock chris-rock left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@micheelengronne @chris-rock