Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add Secure Connections Standard #548

Open
wants to merge 41 commits into
base: main
Choose a base branch
from
Open

Add Secure Connections Standard #548

wants to merge 41 commits into from

Commits on Jun 27, 2024

  1. Add first part of the secure connections standard 

    Signed-off-by: Markus Hentsch <[email protected]>
    @markus-hentsch
    markus-hentsch committed Jun 27, 2024
    Configuration menu
    Copy the full SHA
    3a497cd View commit details
    Browse the repository at this point in the history

  2. Add notes about the classifications 

    Signed-off-by: Markus Hentsch <[email protected]>
    @markus-hentsch
    markus-hentsch committed Jun 27, 2024
    Configuration menu
    Copy the full SHA
    0821bd6 View commit details
    Browse the repository at this point in the history

  3. Add considered options and open questions 

    Signed-off-by: Markus Hentsch <[email protected]>
    @markus-hentsch
    markus-hentsch committed Jun 27, 2024
    Configuration menu
    Copy the full SHA
    291b3da View commit details
    Browse the repository at this point in the history

  4. Fix linter problems 

    Signed-off-by: Markus Hentsch <[email protected]>
    @markus-hentsch
    markus-hentsch committed Jun 27, 2024
    Configuration menu
    Copy the full SHA
    2810fbf View commit details
    Browse the repository at this point in the history

  5. Add TLS standardization 

    Signed-off-by: Markus Hentsch <[email protected]>
    @markus-hentsch
    markus-hentsch committed Jun 27, 2024
    Configuration menu
    Copy the full SHA
    efce5f8 View commit details
    Browse the repository at this point in the history

  6. Add database and message queue channel security, extend TLS cipher rules 

    Signed-off-by: Markus Hentsch <[email protected]>
    @markus-hentsch
    markus-hentsch committed Jun 27, 2024
    Configuration menu
    Copy the full SHA
    82bbe94 View commit details
    Browse the repository at this point in the history

  7. Add remaining decision sections 

    Signed-off-by: Markus Hentsch <[email protected]>
    @markus-hentsch
    markus-hentsch committed Jun 27, 2024
    Configuration menu
    Copy the full SHA
    297e562 View commit details
    Browse the repository at this point in the history

  8. Add testing script for secure connection standard (WIP) 

    Signed-off-by: Markus Hentsch <[email protected]>
    @markus-hentsch
    markus-hentsch committed Jun 27, 2024
    Configuration menu
    Copy the full SHA
    1f1afe3 View commit details
    Browse the repository at this point in the history

  9. Turn avoiding CBC mode into a recommendation. 

    https://crypto.stackexchange.com/a/95660

Signed-off-by: Markus Hentsch <[email protected]>
    @markus-hentsch
    markus-hentsch committed Jun 27, 2024
    Configuration menu
    Copy the full SHA
    b1c6f2b View commit details
    Browse the repository at this point in the history

  10. Refactor the TLS test script to use SSLyze 

    and implement all tests based on the current standard draft

Signed-off-by: Markus Hentsch <[email protected]>
    @markus-hentsch
    markus-hentsch committed Jun 27, 2024
    Configuration menu
    Copy the full SHA
    cb1242d View commit details
    Browse the repository at this point in the history

  11. Add testing README and reference 

    Signed-off-by: Markus Hentsch <[email protected]>
    @markus-hentsch
    markus-hentsch committed Jun 27, 2024
    Configuration menu
    Copy the full SHA
    2ff4d90 View commit details
    Browse the repository at this point in the history

  12. Address review feedback 

    Signed-off-by: Markus Hentsch <[email protected]>
    @markus-hentsch
    markus-hentsch committed Jun 27, 2024
    Configuration menu
    Copy the full SHA
    0d35174 View commit details
    Browse the repository at this point in the history

  13. Fix typo in test script comment 

    Signed-off-by: Markus Hentsch <[email protected]>
    @markus-hentsch
    markus-hentsch committed Jun 27, 2024
    Configuration menu
    Copy the full SHA
    3a9efd9 View commit details
    Browse the repository at this point in the history

  14. Add glossary and rephrase "SCS" to "SCS project" 

    Signed-off-by: Markus Hentsch <[email protected]>
    @markus-hentsch
    markus-hentsch committed Jun 27, 2024
    Configuration menu
    Copy the full SHA
    333f953 View commit details
    Browse the repository at this point in the history

  15. Rename standard filename due to conflicting counter 

    Signed-off-by: Markus Hentsch <[email protected]>
    @markus-hentsch
    markus-hentsch committed Jun 27, 2024
    Configuration menu
    Copy the full SHA
    d69af20 View commit details
    Browse the repository at this point in the history

  16. Refine the scope in regards to the communication channels 

    Signed-off-by: Markus Hentsch <[email protected]>
    @markus-hentsch
    markus-hentsch committed Jun 27, 2024
    Configuration menu
    Copy the full SHA
    13d850d View commit details
    Browse the repository at this point in the history

  17. s/IPsec/WireGuard/ 

    Signed-off-by: Markus Hentsch <[email protected]>
    @markus-hentsch
    markus-hentsch committed Jun 27, 2024
    Configuration menu
    Copy the full SHA
    914631c View commit details
    Browse the repository at this point in the history

  18. Fix option references for oslo.messaging ssl 

    Signed-off-by: Markus Hentsch <[email protected]>
    @markus-hentsch
    markus-hentsch committed Jun 27, 2024
    Configuration menu
    Copy the full SHA
    096675b View commit details
    Browse the repository at this point in the history

  19. Add RFC link for TLS deprecation 

    Signed-off-by: Markus Hentsch <[email protected]>
    @markus-hentsch
    markus-hentsch committed Jun 27, 2024
    Configuration menu
    Copy the full SHA
    73dce0a View commit details
    Browse the repository at this point in the history

  20. Don't endorse internal CAs specifically 

    Signed-off-by: Markus Hentsch <[email protected]>
    @markus-hentsch
    markus-hentsch committed Jun 27, 2024
    Configuration menu
    Copy the full SHA
    0ed970d View commit details
    Browse the repository at this point in the history

  21. Refactor test script to check Mozilla TLS recommendations 

    Signed-off-by: Markus Hentsch <[email protected]>
    @markus-hentsch
    markus-hentsch committed Jun 27, 2024
    Configuration menu
    Copy the full SHA
    a2f3e77 View commit details
    Browse the repository at this point in the history

  22. Update standard to reference Mozilla's TLS recommendations 

    Signed-off-by: Markus Hentsch <[email protected]>
    @markus-hentsch
    markus-hentsch committed Jun 27, 2024
    Configuration menu
    Copy the full SHA
    4885429 View commit details
    Browse the repository at this point in the history

  23. Migrate test script requirements to requirements.in 

    Signed-off-by: Markus Hentsch <[email protected]>
    @markus-hentsch
    markus-hentsch committed Jun 27, 2024
    Configuration menu
    Copy the full SHA
    1cbd1d0 View commit details
    Browse the repository at this point in the history

  24. Add libvirt security choices to design considerations 

    Signed-off-by: Markus Hentsch <[email protected]>
    @markus-hentsch
    markus-hentsch committed Jun 27, 2024
    Configuration menu
    Copy the full SHA
    6a0920a View commit details
    Browse the repository at this point in the history

  25. Add open question about libvirt hardening 

    Signed-off-by: Markus Hentsch <[email protected]>
    @markus-hentsch
    markus-hentsch committed Jun 27, 2024
    Configuration menu
    Copy the full SHA
    59c7bc8 View commit details
    Browse the repository at this point in the history

  26. Relax the requirement for the libvirt port 

    Signed-off-by: Markus Hentsch <[email protected]>
    @markus-hentsch
    markus-hentsch committed Jun 27, 2024
    Configuration menu
    Copy the full SHA
    3bdc8a6 View commit details
    Browse the repository at this point in the history

  27. Rephrase and clarify libvirt security recommendations and questions 

    Signed-off-by: Markus Hentsch <[email protected]>
    @markus-hentsch
    markus-hentsch committed Jun 27, 2024
    Configuration menu
    Copy the full SHA
    d166e7e View commit details
    Browse the repository at this point in the history

Commits on Jun 28, 2024

  1. Add Mozilla TLS JSON override option to test script 

    Signed-off-by: Markus Hentsch <[email protected]>
    @markus-hentsch
    markus-hentsch committed Jun 28, 2024
    Configuration menu
    Copy the full SHA
    e757dd2 View commit details
    Browse the repository at this point in the history

  2. Fully parameterize Mozilla TLS config in test script 

    Signed-off-by: Markus Hentsch <[email protected]>
    @markus-hentsch
    markus-hentsch committed Jun 28, 2024
    Configuration menu
    Copy the full SHA
    042e5f3 View commit details
    Browse the repository at this point in the history

  3. Rename cli args in test script 

    Signed-off-by: Markus Hentsch <[email protected]>
    @markus-hentsch
    markus-hentsch committed Jun 28, 2024
    Configuration menu
    Copy the full SHA
    23423b8 View commit details
    Browse the repository at this point in the history

  4. Add Mozilla TLS JSON copy and staging YAML entry 

    Signed-off-by: Markus Hentsch <[email protected]>
    @markus-hentsch
    markus-hentsch committed Jun 28, 2024
    Configuration menu
    Copy the full SHA
    e9dacb8 View commit details
    Browse the repository at this point in the history

  5. Add remark about internal audits 

    Signed-off-by: Markus Hentsch <[email protected]>
    @markus-hentsch
    markus-hentsch committed Jun 28, 2024
    Configuration menu
    Copy the full SHA
    8d92617 View commit details
    Browse the repository at this point in the history

Commits on Jul 26, 2024

  1. Remove specific MQ SSL config examples, refer to docs 

    Signed-off-by: Markus Hentsch <[email protected]>
    @markus-hentsch
    markus-hentsch committed Jul 26, 2024
    Configuration menu
    Copy the full SHA
    5f7ccd2 View commit details
    Browse the repository at this point in the history

Commits on Aug 9, 2024

  1. Merge branch 'main' into feat/secure-communication

    @bitkeks
    bitkeks authored Aug 9, 2024
    Configuration menu
    Copy the full SHA
    36780c6 View commit details
    Browse the repository at this point in the history

Commits on Aug 19, 2024

  1. Merge branch 'main' into feat/secure-communication

    @markus-hentsch
    markus-hentsch authored Aug 19, 2024
    Configuration menu
    Copy the full SHA
    be1848c View commit details
    Browse the repository at this point in the history

  2. Align header naming with latest standards template 

    Signed-off-by: Markus Hentsch <[email protected]>
    @markus-hentsch
    markus-hentsch committed Aug 19, 2024
    Configuration menu
    Copy the full SHA
    71a663c View commit details
    Browse the repository at this point in the history

Commits on Sep 12, 2024

  1. Add storage channels 

    Signed-off-by: Markus Hentsch <[email protected]>
    @markus-hentsch
    markus-hentsch committed Sep 12, 2024
    Configuration menu
    Copy the full SHA
    c9984db View commit details
    Browse the repository at this point in the history

Commits on Oct 18, 2024

  1. Merge remote-tracking branch 'origin/main' into feat/secure-communica… 

    …tion

Signed-off-by: Markus Hentsch <[email protected]>
    @markus-hentsch
    markus-hentsch committed Oct 18, 2024
    Configuration menu
    Copy the full SHA
    a503303 View commit details
    Browse the repository at this point in the history

  2. Assign document number 0122 

    Signed-off-by: Markus Hentsch <[email protected]>
    @markus-hentsch
    markus-hentsch committed Oct 18, 2024
    Configuration menu
    Copy the full SHA
    5405304 View commit details
    Browse the repository at this point in the history

  3. Update scs-compatible-test.yaml 

    Signed-off-by: Markus Hentsch <[email protected]>
    @markus-hentsch
    markus-hentsch committed Oct 18, 2024
    Configuration menu
    Copy the full SHA
    2c47877 View commit details
    Browse the repository at this point in the history

Commits on Nov 6, 2024

  1. Merge branch 'main' into feat/secure-communication

    @anjastrunk
    anjastrunk authored Nov 6, 2024
    Configuration menu
    Copy the full SHA
    2be9a0a View commit details
    Browse the repository at this point in the history