revert the disabling of http2 for the Supervisor OIDC endpoints

The change is reverted due to the unintended consequence of potentially
breaking Ingresses which were configured to use http2 on their backends.
Ryan Richard
2023-12-06 13:10:51 -08:00
parent 2198b4820a
commit c5d1f380d2


@@ -531,10 +531,6 @@ func runSupervisor(ctx context.Context, podInfo *downward.PodInfo, cfg *supervis
}
c := ptls.Default(nil)
// Remove "h2" from the list for now, until we have a better idea of how to mitigate
// potential http2 rapid reset vulnerabilities. This disables serving requests using http2.
c.NextProtos = []string{"http/1.1"}
c.GetCertificate = func(info *tls.ClientHelloInfo) (*tls.Certificate, error) {
cert := dynamicTLSCertProvider.GetTLSCert(strings.ToLower(info.ServerName))
foundServerNameCert := cert != nil