Skip to content

Add AES256-GCM-SHA384 to allowed list of Nginx SSL ciphers

Balasankar 'Balu' C requested to merge add-AES256-GCM-SHA384-back into master

What does this MR do?


Note that a certificate provided by AWS Certificate Manager (ACM) contains an RSA public key. Therefore, you must include a cipher suite that uses RSA in your security policy if you use a certificate provided by ACM; otherwise, the TLS connection fails

This means, if we don't have at least one cipher using RSA for key exchange, users who use a Classic Load Balancer in AWS with certificate provided by ACM will see connections being dropped suddenly after upgrading to 14.1 (because we removed it in !5461 (merged)). This MR adds one such key back to cater to those users.

Related issues (GitLab Internal) (GitLab Internal)


See Definition of done.

For anything in this list which will not be completed, please provide a reason in the MR discussion


  • Merge Request Title, and Description are up to date, accurate, and descriptive
  • MR targeting the appropriate branch
  • MR has a green pipeline on
  • Pipeline is green on if the change is touching anything besides documentation or internal cookbooks
  • trigger-package has a green pipeline running against latest commit

Expected (please provide an explanation if not completing)

  • Test plan indicating conditions for success has been posted and passes
  • Documentation created/updated
  • Tests added
  • Integration tests added to GitLab QA
  • Equivalent MR/issue for the GitLab Chart opened
Edited by Ben Prescott_

Merge request reports