Commit f74d141

Bugfix: prevent race condition from simultaneous TLS handshakes (#4011)
Multiple TLS handshakes could occur at the same time, causing a race condition. Use a cloned TLS config instead of the global config.

Signed-off-by: bmordeha <bmordeha@redhat.com>
1 parent f2cf490 commit f74d141

1 file changed: +3 -2 lines changed

pkg/internal/tlssecprofile/tls_security_profile.go

Lines changed: 3 additions & 2 deletions
@@ -67,9 +67,10 @@ func MutateTLSConfig(cfg *tls.Config) {
6767
// please be aware that the APIServer is using http keepalive so this is going to
6868
// be executed only after a while for fresh connections and not on existing ones
6969
cfg.GetConfigForClient = func(_ *tls.ClientHelloInfo) (*tls.Config, error) {
70-
cfg.CipherSuites, cfg.MinVersion = GetCipherSuitesAndMinTLSVersionInGolangFormat(getHyperConvergedProfile())
70+
config := cfg.Clone()
71+
config.CipherSuites, config.MinVersion = GetCipherSuitesAndMinTLSVersionInGolangFormat(getHyperConvergedProfile())
7172

72-
return cfg, nil
73+
return config, nil
7374
}
7475
}
7576
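Review bot: The new `config := cfg.Clone()` line has no comment saying why the shared `cfg` must not be written inside `GetConfigForClient`, and with only one file changed there is no regression test for the race. The existing comment above the callback only covers keepalive behaviour, so a later cleanup could reintroduce the write to `cfg.CipherSuites` and `cfg.MinVersion`. Suggest a one-line comment stating that this callback runs concurrently for every handshake and therefore mutates a per-connection clone, plus a test that drives parallel handshakes through `MutateTLSConfig` under `go test -race`. Also note that `Clone()` copies the `GetConfigForClient` field too, so each returned config still carries this closure; setting `config.GetConfigForClient = nil` on the clone would make the returned value a plain per-connection config.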
