-
Notifications
You must be signed in to change notification settings - Fork 50
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Validate ciphers offered by Minio server #253
Comments
@nitisht Since TLS config is not really a functional requirement - it's a compliance requirement - should we add this to minio-go functional tests or should we start non-functional tests? |
Since we support ENABLE_HTTPS we could turn this test off during non tls run and enable this conditionally. |
@harshavardhana Sure, my question was just about organization - Should we separate functional from non-functional tests? Like |
@aead can we create a separate test directory called |
@nitisht In general correct. The issue here has two separate parts:
EDIT: As far as I can see there is no way to use |
In that case, IMO we can have a separate directory with just these tests. As you indicated, it is not a good idea to have these tests added to minio-go functional tests. |
This change adds non-functional tests to check whether a minio endpoint (TLS) is configured properly. This includes: - SSL/TLS version checks - Cipher suite checks To separate TLS tests from functional tests this change adds a new subdirectory `/run/tls`. Fixes minio#253
This change adds non-functional tests to check whether a minio endpoint (TLS) is configured properly. This includes: - SSL/TLS version checks - Cipher suite checks To separate TLS tests from functional tests this change adds a new subdirectory `/run/tls`. Fixes minio#253
This change adds non-functional tests to check whether a minio endpoint (TLS) is configured properly. This includes: - SSL/TLS version checks - Cipher suite checks To separate TLS tests from functional tests this change adds a new subdirectory `/run/tls`. Fixes minio#253
This change adds non-functional tests to check whether a minio endpoint (TLS) is configured properly. This includes: - SSL/TLS version checks - Cipher suite checks To separate TLS tests from functional tests this change adds a new subdirectory `/run/tls`. Fixes minio#253
This change adds non-functional tests to check whether a minio endpoint (TLS) is configured properly. This includes: - SSL/TLS version checks - Cipher suite checks To separate TLS tests from functional tests this change adds a new subdirectory `/run/tls`. Fixes minio#253
This change adds non-functional tests to check whether a minio endpoint (TLS) is configured properly. This includes: - SSL/TLS version checks - Cipher suite checks To separate TLS tests from functional tests this change adds a new subdirectory `/run/tls`. Fixes minio#253
This change adds non-functional tests to check whether a minio endpoint (TLS) is configured properly. This includes: - SSL/TLS version checks - Cipher suite checks To separate TLS tests from functional tests this change adds a new subdirectory `/run/security`. Fixes #253
The issue minio/minio#5244 reported that Minio offers some of the known vulnerable ciphers like ECDHE-RSA-DES-CBC3-SHA and DES-CBC3-SHA.
The issue was fixed by minio/minio#5245, but we should add tests to Mint to validate the ciphers and make sure none of the vulnerable ciphers are exposed again.
The text was updated successfully, but these errors were encountered: