website/linkerd.io/content/edge
Oliver Gould 6f6ae6e311
Require TLS when using curl (#1277)
Our usage of `curl` could be vulnerable to protocol downgrade attacks. This
change updates most of our usage of curl--especially when fetching executable
resources--with the following command-line flags:

* `--proto '=https'` forces use of HTTPS. This ensures that dropping `https://`
  from a URL will cause the command to fail instead of reverting to use
  unsecured HTTP.
* `--tlsv1.2` disables the use of older TLS versions.
* `-f|--fail` ensures that curl does not output anything to stdout when a
  non-2xx response is received.
* `-S|--show-error` causes errors to be printed to stderr (when `-s|--silent`
  is used).

Related to linkerd/linkerd2#7593

Signed-off-by: Oliver Gould <ver@buoyant.io>
2022-01-19 16:29:47 -08:00
_index.md Require TLS when using curl (#1277) 2022-01-19 16:29:47 -08:00
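
The flags listed in the commit message above can be checked mechanically. The following is an added example, not code from the Linkerd repositories: a heuristic shell lint that reports which of those flags a `curl` invocation lacks. The function names and the example.com sample lines are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: heuristic lint for the curl flags named in the commit message.
# Constructed for illustration; not part of the Linkerd repositories.

# has_flag SHORT LONG CMD: true if CMD has -SHORT (alone or inside a cluster
# such as -sSfL) or --LONG. Heuristic: an attached argument like -ofile would
# also be scanned for SHORT.
has_flag() {
  printf '%s\n' "$3" | grep -Eq \
    -e "(^|[[:space:]])-[A-Za-z0-9]*$1" \
    -e "(^|[[:space:]])--$2([[:space:]]|\$)"
}

# missing_flags LINE: print the hardening flags LINE lacks (empty if none).
missing_flags() {
  cmd=${1%%|*}   # only the curl side of a pipeline; drops "| sh -s ..."
  missing=""
  # Exactly "=https": a list such as "=https,http" still permits plain HTTP.
  printf '%s\n' "$cmd" | grep -Eq \
    -e "--proto[[:space:]]+[\"']?=https[\"']?([[:space:]]|\$)" ||
    missing="$missing --proto"
  # --tlsv1.2 sets the minimum version; --tlsv1.3 is stricter and also passes.
  printf '%s\n' "$cmd" | grep -Eq -e "--tlsv1\.[23]([[:space:]]|\$)" ||
    missing="$missing --tlsv1.2"
  has_flag f fail "$cmd" || missing="$missing -f"
  # -S only matters when -s has silenced error output.
  if has_flag s silent "$cmd" && ! has_flag S show-error "$cmd"; then
    missing="$missing -S"
  fi
  printf '%s' "$missing"
}

# audit_curl: read a script on stdin, report curl lines with missing flags.
# Returns 1 if any line was reported.
audit_curl() {
  n=0 rc=0
  while IFS= read -r line; do
    n=$((n + 1))
    case $line in *curl\ *) ;; *) continue ;; esac
    m=$(missing_flags "$line")
    [ -z "$m" ] || { printf '%s: missing%s\n' "$n" "$m"; rc=1; }
  done
  return "$rc"
}

# Constructed sample input (example.com URLs are placeholders).
audit_curl <<'EOF' || true
curl -sL https://example.com/install.sh | sh
curl --proto '=https' --tlsv1.2 -sSfL https://example.com/install.sh | sh
EOF
```

The non-zero return from `audit_curl` makes it usable as a CI gate over documentation and install scripts, for example `audit_curl < install.sh`.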