Skip to content

feat: add flag tls-cipher-suites#1693

Open
jstuever wants to merge 1 commit intoAzure:mainfrom
jstuever:tlsciphersuite
Open

feat: add flag tls-cipher-suites#1693
jstuever wants to merge 1 commit intoAzure:mainfrom
jstuever:tlsciphersuite

Conversation

@jstuever
Copy link

@jstuever jstuever commented Jan 16, 2026
edited
Loading

Reason for Change:
This commit introduces a new command-line flag -tls-cipher-suites to the webhook server. This allows users to specify a comma-separated list of allowed TLS cipher suites, enhancing security configurability.

This commit also enables the ability to specify the tls-min-version using the names of the constants in crypto/tls/common.go (i.e., VersionTLS10, VersionTLS11, VersionTLS12, VersionTLS13).

Assisted-by: gemini-3-pro-preview

Requirements

  • squashed commits
  • included documentation
  • added unit tests and e2e tests (if applicable).

Please answer the following questions with yes/no:

Does this change contain code from or inspired by another project? If so, did you notify the maintainers and provide attribution?

  • yes
  • no

Notes for Reviewers:

@jstuever jstuever changed the title feat: add flag to configure TLS cipher suites WIP: feat: add flag to configure TLS cipher suites Jan 22, 2026
@jstuever jstuever marked this pull request as draft January 23, 2026 22:12
@jstuever jstuever changed the title WIP: feat: add flag to configure TLS cipher suites feat: add flag to configure TLS cipher suites Jan 27, 2026
@jstuever jstuever marked this pull request as ready for review January 27, 2026 18:45
@jstuever jstuever changed the title feat: add flag to configure TLS cipher suites feat: add flag tls-cipher-suites Jan 27, 2026
@jstuever
Copy link
Author

jstuever commented Feb 10, 2026

@aramase This is ready for review. I followed the same pattern used by tls-min-version.

@jstuever jstuever marked this pull request as draft February 18, 2026 17:48
@jstuever
feat: add flag to configure TLS cipher suites
12b1648 
This commit introduces a new command-line flag `-tls-cipher-suites` to the
webhook server. This allows users to specify a comma-separated list of
allowed TLS cipher suites, enhancing security configurability.

This commit also enables the ability to specify the tls-min-version
using the names of the constants in crypto/tls/common.go (i.e.,
VersionTLS10, VersionTLS11, VersionTLS12, VersionTLS13).

Assisted-by: gemini-3-pro-preview
@jstuever jstuever marked this pull request as ready for review February 18, 2026 19:06
@jstuever
Copy link
Author

jstuever commented Feb 19, 2026

@aramase @enj I believe this is ready for review. Please let me know if I am missing anything.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@aramase aramase Awaiting requested review from aramase aramase is a code owner

@enj enj Awaiting requested review from enj enj is a code owner

@stlaz stlaz Awaiting requested review from stlaz stlaz is a code owner

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@jstuever