Skip to content

[SECURITY] Remove OTLP HTTP support for TLS 1.0 and TLS 1.1, require TLS 1.2#2722

Merged
marcalff merged 7 commits intoopen-telemetry:mainfrom
marcalff:remove_deprecated_tls_2721
Jul 2, 2024
Merged

[SECURITY] Remove OTLP HTTP support for TLS 1.0 and TLS 1.1, require TLS 1.2#2722
marcalff merged 7 commits intoopen-telemetry:mainfrom
marcalff:remove_deprecated_tls_2721

Conversation

@marcalff
Copy link
Copy Markdown
Member

@marcalff marcalff commented Jun 27, 2024
edited
Loading

Fixes #2721

Changes

Please provide a brief description of the changes here.

  • Remove support for min/max TLS 1.0 in the OTLP HTTP exporter
  • Remove support for min/max TLS 1.1 in the OTLP HTTP exporter
  • Require TLS 1.2 or better by default
  • This complies with https://www.ietf.org/rfc/rfc8996.html

For significant contributions please make sure you have completed the following items:

  • CHANGELOG.md updated for non-trivial changes
  • Unit tests have been added
  • Changes in public API reviewed

@codecov
Copy link
Copy Markdown

codecov bot commented Jun 27, 2024
edited
Loading

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 87.67%. Comparing base (497eaf4) to head (daa187b).
Report is 94 commits behind head on main.

Additional details and impacted files

Impacted file tree graph

@@            Coverage Diff             @@
##             main    #2722      +/-   ##
==========================================
+ Coverage   87.12%   87.67%   +0.56%     
==========================================
  Files         200      190      -10     
  Lines        6109     5855     -254     
==========================================
- Hits         5322     5133     -189     
+ Misses        787      722      -65

see 108 files with indirect coverage changes

@marcalff marcalff changed the title [SECURITY] Remove TLS 1.0 and TLS 1.1 [SECURITY] Remove OTLP HTTP exporter options for TLS 1.0 and TLS 1.1 Jun 27, 2024
@marcalff marcalff added removal Removal labels Jun 27, 2024
@marcalff marcalff changed the title [SECURITY] Remove OTLP HTTP exporter options for TLS 1.0 and TLS 1.1 [SECURITY] Remove OTLP HTTP support for TLS 1.0 and TLS 1.1, require TLS 1.2 Jun 27, 2024
@marcalff marcalff marked this pull request as ready for review June 27, 2024 21:12
@marcalff marcalff requested a review from a team June 27, 2024 21:12
@marcalff marcalff added the pr:please-review This PR is ready for review label Jun 27, 2024
owent
owent approved these changes Jun 29, 2024
View reviewed changes
Copy link
Copy Markdown
Member

@owent owent left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

lalitb
lalitb approved these changes Jul 2, 2024
View reviewed changes
Copy link
Copy Markdown
Member

@lalitb lalitb left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the cleanup

esigo
esigo approved these changes Jul 2, 2024
View reviewed changes
Copy link
Copy Markdown
Member

@esigo esigo left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM
Thanks for the PR :)

@marcalff marcalff merged commit 42563e4 into open-telemetry:main Jul 2, 2024
@malkia malkia mentioned this pull request Jul 2, 2024
Merged
3 tasks
@BrewTestBot BrewTestBot mentioned this pull request Jul 17, 2024
Merged
@marcalff marcalff deleted the remove_deprecated_tls_2721 branch February 5, 2025 21:00
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@lalitb lalitb lalitb approved these changes

@owent owent owent approved these changes

@esigo esigo esigo approved these changes

Assignees

@esigo esigo

Labels

pr:please-review This PR is ready for review removal Removal

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

[SECURITY] Remove OTLP HTTP support for TLS 1.0 and TLS 1.1, require TLS 1.2 or better

4 participants

@marcalff @lalitb @owent @esigo