Skip to content

[SECURITY] Remove OTLP HTTP support for TLS 1.0 and TLS 1.1, require TLS 1.2 or better #2721

New issue
New issue
Closed
#2722
Closed
[SECURITY] Remove OTLP HTTP support for TLS 1.0 and TLS 1.1, require TLS 1.2 or better#2721
#2722
Assignees
marcalff
Labels
bugSomething isn't workingremovalRemovaltriage/acceptedIndicates an issue or PR is ready to be actively worked on.
@marcalff

Description

@marcalff
marcalff
opened on Jun 27, 2024

Per the following RFC: https://www.ietf.org/rfc/rfc8996.html

TLS 1.0 MUST NOT be used. Negotiation of TLS 1.0 from any version of TLS MUST NOT be permitted.

TLS 1.1 MUST NOT be used. Negotiation of TLS 1.1 from any version of TLS MUST NOT be permitted.

In the OTLP HTTP exporter,

  • Remove min_TLS and max_TLS options support for TLS 1.0 and TLS 1.1.
  • Require TLS 1.2 or better

Metadata

Metadata

Assignees

Labels

bugSomething isn't workingremovalRemovaltriage/acceptedIndicates an issue or PR is ready to be actively worked on.

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions