tls: remove legacy SHA-2 CBC cipher suites. (#3316)

They are insecure and were removed from BoringSSL codebase in https://boringssl-review.googlesource.com/c/boringssl/+/27944 Signed-off-by: Piotr Sikora <piotrsikora@google.com> Mirrored from https://github.com/envoyproxy/envoy @ 01aea23f6bca771ad7918d049d2bee05ac316b33
7 years ago · 4f96a68ae4
parent 43bc9adb83
commit 4f96a68ae4
1 changed files with 0 additions and 6 deletions
--- a/envoy/api/v2/auth/cert.proto
+++ b/envoy/api/v2/auth/cert.proto
@ -47,21 +47,15 @@ message TlsParameters {
  //
  //   [ECDHE-ECDSA-AES128-GCM-SHA256|ECDHE-ECDSA-CHACHA20-POLY1305]
  //   [ECDHE-RSA-AES128-GCM-SHA256|ECDHE-RSA-CHACHA20-POLY1305]
-  //   ECDHE-ECDSA-AES128-SHA256
-  //   ECDHE-RSA-AES128-SHA256
  //   ECDHE-ECDSA-AES128-SHA
  //   ECDHE-RSA-AES128-SHA
  //   AES128-GCM-SHA256
-  //   AES128-SHA256
  //   AES128-SHA
  //   ECDHE-ECDSA-AES256-GCM-SHA384
  //   ECDHE-RSA-AES256-GCM-SHA384
-  //   ECDHE-ECDSA-AES256-SHA384
-  //   ECDHE-RSA-AES256-SHA384
  //   ECDHE-ECDSA-AES256-SHA
  //   ECDHE-RSA-AES256-SHA
  //   AES256-GCM-SHA384
-  //   AES256-SHA256
  //   AES256-SHA
  //
  // will be used.