k-space
/
kube
10
1
Fork 1
Code Issues 17 Pull Requests Projects Activity

Can't get TLSv1.3 enabled on Gitea #20

New Issue
Open
opened 2023-08-20 05:45:53 +00:00 by lauri · 0 comments
lauri commented 2023-08-20 05:45:53 +00:00
Owner
Copy Link

Same cert issuer (and certificate/key config) is used for Traefik (ingress for Nextcloud), yet Gitea fails to enable TLSv1.3

https://git.k-space.ee/k-space/kube/src/branch/master/gitea/application.yaml#L2
https://git.k-space.ee/k-space/kube/src/branch/master/gitea/application.yaml#L79
https://git.k-space.ee/k-space/kube/src/branch/master/traefik/values.yml#L47

https://www.ssllabs.com/ssltest/analyze.html?d=git.k-space.ee
https://www.ssllabs.com/ssltest/analyze.html?d=nextcloud.k-space.ee

Tried adding the TLSv1.3 ciphers but no effect:

            - name: GITEA__SERVER__SSL_CIPHER_SUITES
              value: aes_128_gcm_sha256,aes_256_gcm_sha384,chacha20_poly1305_sha256,ecdhe_rsa_with_aes_128_gcm_sha256,ecdhe_ecdsa_with_aes_128_gcm_sha256,ecdhe_rsa_with_aes_256_gcm_sha384,ecdhe_ecdsa_with_aes_256_gcm_sha384,ecdhe_rsa_with_chacha20_poly1305_sha256,ecdhe_ecdsa_with_chacha20_poly1305_sha256

Relevant config options:

https://docs.gitea.com/administration/config-cheat-sheet#server-server

Same cert issuer (and certificate/key config) is used for Traefik (ingress for Nextcloud), yet Gitea fails to enable TLSv1.3 https://git.k-space.ee/k-space/kube/src/branch/master/gitea/application.yaml#L2 https://git.k-space.ee/k-space/kube/src/branch/master/gitea/application.yaml#L79 https://git.k-space.ee/k-space/kube/src/branch/master/traefik/values.yml#L47 https://www.ssllabs.com/ssltest/analyze.html?d=git.k-space.ee https://www.ssllabs.com/ssltest/analyze.html?d=nextcloud.k-space.ee Tried adding the TLSv1.3 ciphers but no effect: ``` - name: GITEA__SERVER__SSL_CIPHER_SUITES value: aes_128_gcm_sha256,aes_256_gcm_sha384,chacha20_poly1305_sha256,ecdhe_rsa_with_aes_128_gcm_sha256,ecdhe_ecdsa_with_aes_128_gcm_sha256,ecdhe_rsa_with_aes_256_gcm_sha384,ecdhe_ecdsa_with_aes_256_gcm_sha384,ecdhe_rsa_with_chacha20_poly1305_sha256,ecdhe_ecdsa_with_chacha20_poly1305_sha256 ``` Relevant config options: https://docs.gitea.com/administration/config-cheat-sheet#server-server
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
master
ingressroute
update_git_ignore_file
alertmanager-config
Labels
Clear labels
  
todo/H&S

Health and Safety

  
todo/electronics

   
todo/equipment

Task related to K-Space equipment (fix/buy/loan/sell/usage)

  
todo/event

Organizing events at K-Space

  
todo/ideas

   
todo/information

For collecting feedback

  
todo/infra

K-Space infrastructure tasks that dont fit anywhere else

  
todo/inspiration

Copy good ideas

  
todo/media

Socialmedia/ads/SEO videos for youtube/tiktok

  
todo/merch

K-Space branded things

  
todo/museum

   
todo/presentation

Presentation ideas or things releated to preseting things at k-space

  
todo/work-shop
No Label
todo/H&S
todo/electronics
todo/equipment
todo/event
todo/ideas
todo/information
todo/infra
todo/inspiration
todo/media
todo/merch
todo/museum
todo/presentation
todo/work-shop
Milestone
Clear milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
No Assignees
1 Participants
Notifications
Due Date
The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: k-space/kube#20
No description provided.
Delete Branch "%!s(<nil>)"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?