Skip to content

Backport of Ensure RSA keys are at least 2048 bits in length into release/1.16.x#17935

Merged
jm96441n merged 3 commits intorelease/1.16.xfrom
backport/NET-4173-rsa-key-length-inline-certs/mainly-diverse-jawfish
Jun 28, 2023
Merged

Backport of Ensure RSA keys are at least 2048 bits in length into release/1.16.x#17935
jm96441n merged 3 commits intorelease/1.16.xfrom
backport/NET-4173-rsa-key-length-inline-certs/mainly-diverse-jawfish

Conversation

@hc-github-team-consul-core
Copy link
Copy Markdown
Collaborator

@hc-github-team-consul-core hc-github-team-consul-core commented Jun 28, 2023
edited by nathancoleman
Loading

Backport

This PR is auto-generated from #17911 to be assessed for backporting due to the inclusion of the label backport/1.16.

🚨

Warning automatic cherry-pick of commits failed. If the first commit failed,
you will see a blank no-op commit below. If at least one commit succeeded, you
will see the cherry-picked commits up to, not including, the commit where
the merge conflict occurred.

The person who merged in the original PR is:
@jm96441n
This person should manually cherry-pick the original PR into a new backport PR,
and close this one when the manual backport PR is merged in.

merge conflict error: unable to process merge commit: "e8209ade23d3278af719938074022f8b87b4af98", automatic backport requires rebase workflow

The below text is copied from the body of the original PR.

Description

Envoy will silently reject RSA keys that are less than 2048 bits in length. The only way to find a key has been rejected is to go deep into the envoy config to see why. This introduces a change to reject invalid keys earlier and in a more user friendly way.

Testing & Reproduction steps

Links

PR Checklist

  • updated test coverage
  • external facing docs updated
  • appropriate backport labels added
  • not a security concern
Overview of commits

<-- Addresses NET-4404 -->

@hc-github-team-consul-core hc-github-team-consul-core force-pushed the backport/NET-4173-rsa-key-length-inline-certs/mainly-diverse-jawfish branch from 7a13886 to fdc6191 Compare June 28, 2023 15:34
@hc-github-team-consul-core hc-github-team-consul-core force-pushed the backport/NET-4173-rsa-key-length-inline-certs/mainly-diverse-jawfish branch from 698c0c7 to 4217bee Compare June 28, 2023 15:34
github-team-consul-core-pr-approver
github-team-consul-core-pr-approver approved these changes Jun 28, 2023
View reviewed changes
Copy link
Copy Markdown
Collaborator

@github-team-consul-core-pr-approver github-team-consul-core-pr-approver left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Auto approved Consul Bot automated PR

@jm96441n jm96441n marked this pull request as ready for review June 28, 2023 16:45
@jm96441n
Ensure RSA keys are at least 2048 bits in length (#17911)
6f61678 
* Ensure RSA keys are at least 2048 bits in length

* Add changelog

* update key length check for FIPS compliance

* Fix no new variables error and failing to return when error exists from
validating

* clean up code for better readability

* actually return value
@jm96441n jm96441n enabled auto-merge (squash) June 28, 2023 17:08
@jm96441n jm96441n merged commit 61c5d9e into release/1.16.x Jun 28, 2023
@jm96441n jm96441n deleted the backport/NET-4173-rsa-key-length-inline-certs/mainly-diverse-jawfish branch June 28, 2023 17:36
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@github-team-consul-core-pr-approver github-team-consul-core-pr-approver github-team-consul-core-pr-approver approved these changes

@jm96441n jm96441n Awaiting requested review from jm96441n

Assignees

@jm96441n jm96441n

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@hc-github-team-consul-core @github-team-consul-core-pr-approver @jm96441n