OpenSSLv3 will affect both incoming and outgoing connection (!165970) · Merge requests · GitLab.org / GitLab

Drew Blessing requested to merge dblessing_update_opensslv3_callout into master Sep 12, 2024

What does this MR do and why?

The OpenSSL v3 callout previously only mentioned incoming connections. However, depending on the installation, incoming connections may already use TLSv1.2+ which is OpenSSLv3-compatible. As an example, Nginx in Omnibus has defaulted to TLSv1.2 and 1.3 since 5 years ago and most clients (modern browsers on both desktop and mobile) will already be capable of TLSv1.2+.

Perhaps more important is that all outbound connections (LDAP, WebHooks, etc.) must use OpenSSL v3/TLS1.2+ after %17.5. This MR updates the callout banner to say all connections rather than incoming.

MR acceptance checklist

Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Screenshots or screen recordings

Screenshots are required for UI changes, and strongly recommended for all other merge requests.

Before	After

How to set up and validate locally

Numbered steps to set up and validate the change are strongly suggested.

Edited Sep 12, 2024 by Drew Blessing

OpenSSLv3 will affect both incoming and outgoing connection

What does this MR do and why?

MR acceptance checklist

Screenshots or screen recordings

How to set up and validate locally

Merge request reports