From 34c2c4b45162796266ad6bba6974c8ed972f1d79 Mon Sep 17 00:00:00 2001
From: DracoBlue
Date: Mon, 29 Jan 2024 13:35:42 +0000
Subject: [PATCH 1/2] Fix terrapin CVE-2023-48795 for https://gitlab.com/gitlab-org/gitlab/-/issues/435956
---
 charts/gitlab/charts/gitlab-shell/values.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/charts/gitlab/charts/gitlab-shell/values.yaml b/charts/gitlab/charts/gitlab-shell/values.yaml
index 6570b0779b..a49eb5cc55 100644
--- a/charts/gitlab/charts/gitlab-shell/values.yaml
+++ b/charts/gitlab/charts/gitlab-shell/values.yaml
@@ -129,7 +129,7 @@ config:
 proxyProtocol: false
 proxyPolicy: "use"
 proxyHeaderTimeout: 500ms
- ciphers: [aes128-gcm@openssh.com, chacha20-poly1305@openssh.com, aes256-gcm@openssh.com, aes128-ctr, aes192-ctr, aes256-ctr]
+ ciphers: [aes128-gcm@openssh.com, aes256-gcm@openssh.com, aes128-ctr, aes192-ctr, aes256-ctr]
 kexAlgorithms: [curve25519-sha256, curve25519-sha256@libssh.org, ecdh-sha2-nistp256, ecdh-sha2-nistp384, ecdh-sha2-nistp521, diffie-hellman-group14-sha256, diffie-hellman-group14-sha1]
 macs: [hmac-sha2-256-etm@openssh.com, hmac-sha2-512-etm@openssh.com, hmac-sha2-256, hmac-sha2-512, hmac-sha1]
 gssapi:
-- 
GitLab
From 8d90cb4c01ae89b0c2b1aa8fb7db0d97763626b1 Mon Sep 17 00:00:00 2001
From: DracoBlue
Date: Mon, 29 Jan 2024 13:44:28 +0000
Subject: [PATCH 2/2] Update file index.md
---
 doc/charts/gitlab/gitlab-shell/index.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/doc/charts/gitlab/gitlab-shell/index.md b/doc/charts/gitlab/gitlab-shell/index.md
index 6c551f33c9..0ca0c4a9a3 100644
--- a/doc/charts/gitlab/gitlab-shell/index.md
+++ b/doc/charts/gitlab/gitlab-shell/index.md
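Review bot: The new `ciphers` default in `charts/gitlab/charts/gitlab-shell/values.yaml` drops `chacha20-poly1305@openssh.com` with no comment saying why, so a later edit can re-add it without knowing it was removed for CVE-2023-48795. I would put a comment above the key, for example `# chacha20-poly1305@openssh.com is left out on purpose (Terrapin, CVE-2023-48795); re-add only once strict key exchange is confirmed on the server`. The `macs` context line still offers the two `-etm@openssh.com` MACs; the other Terrapin-affected mode is encrypt-then-MAC paired with a CBC cipher, and the default list has none, so that pairing only arises if an operator adds CBC ciphers through `config.ciphers`, which the same comment could warn against. This commit changes the chart default only, so releases that set `config.ciphers` in their own values keep whatever list they pinned, and that deserves a line in the upgrade notes. The `config:` mapping starts and ends outside the hunk.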
@@ -47,7 +47,7 @@ controlled by `global.shell.port`.
 | `config.proxyProtocol` | `false` | Enable PROXY protocol support for the `gitlab-sshd` daemon |
 | `config.proxyPolicy` | `"use"` | Specify policy for handling PROXY protocol. Value must be one of `use, require, ignore, reject` |
 | `config.proxyHeaderTimeout` | `"500ms"` | The maximum duration `gitlab-sshd` will wait before giving up on reading the PROXY protocol header. Must include units: `ms`, `s`, or `m`. |
-| `config.ciphers` | `[aes128-gcm@openssh.com, chacha20-poly1305@openssh.com, aes256-gcm@openssh.com, aes128-ctr, aes192-ctr, aes256-ctr]` | Specify the ciphers allowed. |
+| `config.ciphers` | `[aes128-gcm@openssh.com, aes256-gcm@openssh.com, aes128-ctr, aes192-ctr, aes256-ctr]` | Specify the ciphers allowed. |
 | `config.kexAlgorithms` | `[curve25519-sha256, curve25519-sha256@libssh.org, ecdh-sha2-nistp256, ecdh-sha2-nistp384, ecdh-sha2-nistp521, diffie-hellman-group14-sha256, diffie-hellman-group14-sha1]` | Specifies the available KEX (Key Exchange) algorithms. |
 | `config.macs` | `[hmac-sha2-256-etm@openssh.com, hmac-sha2-512-etm@openssh.com, hmac-sha2-256, hmac-sha2-512, hmac-sha1]` | Specifies the available MAC (message authentication code algorithms. |
 | `config.gssapi.enabled` | `false` | Enable GSS-API support for the `gitlab-sshd` daemon |
-- 
GitLab