Skip to content

security: remove TLS 1.0/1.1 support and harden Swift driver crypto#13

Merged
chlins merged 1 commit into
goharbor:release/2.8from
wy65701436:release/2.8-sha256
Jun 30, 2026
Merged

security: remove TLS 1.0/1.1 support and harden Swift driver crypto#13
chlins merged 1 commit into
goharbor:release/2.8from
wy65701436:release/2.8-sha256

Conversation

@wy65701436

Copy link
Copy Markdown
Collaborator
  • registry: drop tls1.0/tls1.1 from http.tls.minimumtls. They are deprecated (RFC 8996); minimum is now TLS 1.2 (also the default). Configs explicitly requesting tls1.0/1.1 now fail fast.
  • swift: use SHA-256 instead of SHA-1 for segment paths. Paths are opaque, random, and stored in the manifest, so existing data is unaffected.

- registry: drop tls1.0/tls1.1 from http.tls.minimumtls. They are
  deprecated (RFC 8996); minimum is now TLS 1.2 (also the default).
  Configs explicitly requesting tls1.0/1.1 now fail fast.
- swift: use SHA-256 instead of SHA-1 for segment paths. Paths are
  opaque, random, and stored in the manifest, so existing data is
  unaffected.

Signed-off-by: wang yan <yan-yw.wang@broadcom.com>

@chlins chlins left a comment

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm

@chlins chlins merged commit 9182dab into goharbor:release/2.8 Jun 30, 2026
4 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants