k-space/kube
12
1
Fork 3
Code Issues 62 Pull Requests 1 Wiki Activity

Can't get TLSv1.3 enabled on Gitea #20

New Issue
Open
opened 2023-08-20 05:45:53 +00:00 by lauri · 0 comments
lauri commented 2023-08-20 05:45:53 +00:00
Owner
Copy Link

Same cert issuer (and certificate/key config) is used for Traefik (ingress for Nextcloud), yet Gitea fails to enable TLSv1.3

https://git.k-space.ee/k-space/kube/src/branch/master/gitea/application.yaml#L2
https://git.k-space.ee/k-space/kube/src/branch/master/gitea/application.yaml#L79
https://git.k-space.ee/k-space/kube/src/branch/master/traefik/values.yml#L47

https://www.ssllabs.com/ssltest/analyze.html?d=git.k-space.ee
https://www.ssllabs.com/ssltest/analyze.html?d=nextcloud.k-space.ee

Tried adding the TLSv1.3 ciphers but no effect:

            - name: GITEA__SERVER__SSL_CIPHER_SUITES
              value: aes_128_gcm_sha256,aes_256_gcm_sha384,chacha20_poly1305_sha256,ecdhe_rsa_with_aes_128_gcm_sha256,ecdhe_ecdsa_with_aes_128_gcm_sha256,ecdhe_rsa_with_aes_256_gcm_sha384,ecdhe_ecdsa_with_aes_256_gcm_sha384,ecdhe_rsa_with_chacha20_poly1305_sha256,ecdhe_ecdsa_with_chacha20_poly1305_sha256

Relevant config options:

https://docs.gitea.com/administration/config-cheat-sheet#server-server

Same cert issuer (and certificate/key config) is used for Traefik (ingress for Nextcloud), yet Gitea fails to enable TLSv1.3 https://git.k-space.ee/k-space/kube/src/branch/master/gitea/application.yaml#L2 https://git.k-space.ee/k-space/kube/src/branch/master/gitea/application.yaml#L79 https://git.k-space.ee/k-space/kube/src/branch/master/traefik/values.yml#L47 https://www.ssllabs.com/ssltest/analyze.html?d=git.k-space.ee https://www.ssllabs.com/ssltest/analyze.html?d=nextcloud.k-space.ee Tried adding the TLSv1.3 ciphers but no effect: ``` - name: GITEA__SERVER__SSL_CIPHER_SUITES value: aes_128_gcm_sha256,aes_256_gcm_sha384,chacha20_poly1305_sha256,ecdhe_rsa_with_aes_128_gcm_sha256,ecdhe_ecdsa_with_aes_128_gcm_sha256,ecdhe_rsa_with_aes_256_gcm_sha384,ecdhe_ecdsa_with_aes_256_gcm_sha384,ecdhe_rsa_with_chacha20_poly1305_sha256,ecdhe_ecdsa_with_chacha20_poly1305_sha256 ``` Relevant config options: https://docs.gitea.com/administration/config-cheat-sheet#server-server
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
new app
shiny
disposal
Liability in safety, usability, space, or upkeep. It doesn't provide enough meaningful historical value (museum) nor personal interest.
enchancement
Improving the existing
greenlit
The stars have aligned: Orders have arrived, plan has been laid, only hands are needed. Just do it!
upkeep
Subjects of maintenance
No Label
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
akpall arti artur dos4dev eaas erki kkuusk lauri madis plaes rasmus sander savva
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: k-space/kube#20
No description provided.
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?