doc: Remove SHA-1 cipher suites from the defaults on the server-side (#21240)

Related PR: https://github.com/envoyproxy/envoy/pull/20643 Signed-off-by: derekguo001 <dong.guo@intel.com> Mirrored from https://github.com/envoyproxy/envoy @ 81cebf6b12b13f490cc0ff8c77abaaffc7ef590f
3 years ago · 0e84324ccc
parent 5aa18efdc9
commit 0e84324ccc
1 changed files with 0 additions and 8 deletions
--- a/envoy/extensions/transport_sockets/tls/v3/common.proto
+++ b/envoy/extensions/transport_sockets/tls/v3/common.proto
@ -66,12 +66,8 @@ message TlsParameters {
  //
  //   [ECDHE-ECDSA-AES128-GCM-SHA256|ECDHE-ECDSA-CHACHA20-POLY1305]
  //   [ECDHE-RSA-AES128-GCM-SHA256|ECDHE-RSA-CHACHA20-POLY1305]
-  //   ECDHE-ECDSA-AES128-SHA
-  //   ECDHE-RSA-AES128-SHA
  //   ECDHE-ECDSA-AES256-GCM-SHA384
  //   ECDHE-RSA-AES256-GCM-SHA384
-  //   ECDHE-ECDSA-AES256-SHA
-  //   ECDHE-RSA-AES256-SHA
  //
  // In builds using :ref:`BoringSSL FIPS <arch_overview_ssl_fips>`, the default server cipher list is:
  //
@ -79,12 +75,8 @@ message TlsParameters {
  //
  //   ECDHE-ECDSA-AES128-GCM-SHA256
  //   ECDHE-RSA-AES128-GCM-SHA256
-  //   ECDHE-ECDSA-AES128-SHA
-  //   ECDHE-RSA-AES128-SHA
  //   ECDHE-ECDSA-AES256-GCM-SHA384
  //   ECDHE-RSA-AES256-GCM-SHA384
-  //   ECDHE-ECDSA-AES256-SHA
-  //   ECDHE-RSA-AES256-SHA
  //
  // In non-FIPS builds, the default client cipher list is:
  //