fix(tls): centralize the TLS configuration to ensure FIPS compliance BE-11979 (#960)
parent
3eab294908
commit
163aa57e5c
25 changed files with 454 additions and 112 deletions
|
@ -1,7 +1,7 @@
|
|||
package networking
|
||||
|
||||
import (
|
||||
"crypto/tls"
|
||||
"crypto/fips140"
|
||||
"fmt"
|
||||
"net"
|
||||
"net/http"
|
||||
|
@ -9,6 +9,8 @@ import (
|
|||
"strings"
|
||||
"time"
|
||||
|
||||
"github.com/portainer/portainer/api/crypto"
|
||||
|
||||
"github.com/segmentio/encoding/json"
|
||||
)
|
||||
|
||||
|
@ -71,13 +73,14 @@ func ProbeTelnetConnection(url string) string {
|
|||
func DetectProxy(url string) string {
|
||||
client := &http.Client{
|
||||
Transport: &http.Transport{
|
||||
TLSClientConfig: &tls.Config{
|
||||
InsecureSkipVerify: true,
|
||||
},
|
||||
TLSClientConfig: crypto.CreateTLSConfiguration(),
|
||||
},
|
||||
Timeout: 10 * time.Second,
|
||||
}
|
||||
|
||||
// TODO: use fips.CanTLSSkipVerify() instead
|
||||
client.Transport.(*http.Transport).TLSClientConfig.InsecureSkipVerify = !fips140.Enabled()
|
||||
|
||||
result := map[string]string{
|
||||
"operation": "proxy detection",
|
||||
"local_address": "unknown",
|
||||
|
|
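Review bot: In DetectProxy the added line `client.Transport.(*http.Transport).TLSClientConfig.InsecureSkipVerify = !fips140.Enabled()` still switches certificate verification off whenever FIPS mode is not enabled, so outside FIPS the probe accepts any server certificate and whoever answers the connection controls what it reports. That deserves a comment stating that the skip is deliberate for a diagnostic probe and that the response must not be treated as authenticated. The unchecked type assertion on a transport built two lines earlier can be avoided by preparing the config first: `tlsConfig := crypto.CreateTLSConfiguration()`, then `tlsConfig.InsecureSkipVerify = !fips140.Enabled()`, and `TLSClientConfig: tlsConfig,` in the transport literal. This assumes CreateTLSConfiguration returns a fresh *tls.Config on each call, which is not visible on this page; if it returns a shared value, the assignment would weaken verification for every other user of that config. DetectProxy's body continues past the end of the hunk.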