distribution-library-image icon indicating copy to clipboard operation
distribution-library-image copied to clipboard
verified publisher icon distribution

ciphersuites restriction does not prevent TLS_AES_128_GCM_SHA256 from being accepted

Open phrankemp opened this issue 2 years ago • 1 comments

Arch: s390x, Version 2.8.3

I have minimumtls set to "tls1.3" and am restricting ciphersuites to TLS_AES_256_GCM_SHA384. This is confirmed in the log on startup.

No matter how I restrict the ciphersuites, I can always connect successfully from openssl using the TLS_AES_128_GCM_SHA256 cipher. Other ciphers are restricted properly.

Any thoughts as to why this might be happening?

Thanks in advance...

phrankemp avatar Oct 16 '23 23:10 phrankemp

I'd encourage you to open this question in https://github.com/distribution/distribution

Whilst this repo still tracks releases of the official image, you'll get better luck in the code repository that.

It'd be great if you provided the exact configuration file that could help the maintainers to investigate.

milosgajdos avatar Oct 18 '23 07:10 milosgajdos

Closing as opened in the wrong repo. Please open the issue in https://github.com/distribution/distribution

milosgajdos avatar Aug 14 '24 16:08 milosgajdos