CMP-1231 (Cloud Infrastructure Security & Compliance)

Add cipher suite value to the ProfileBundle ocp4 - rule ocp4-kubelet-configure-tls-cipher-suites


    • Epic
    • Resolution: Done
    • Critical
    • openshift-4.11
    • None
    • None
    • None
    • Add cipher suite value to the ProfileBundle ocp4 - rule ocp4-kubelet-configure-tls-cipher-suites
    • False
    • False
    • Green
    • To Do
    • Impediment
    • 100
    • 100%

      Feature implementation complete and ready for QE.  Doc and TE needs are minimal given the small scope of this feature.  On track for completion by feature freeze.


      1. Proposed title of this feature request

       

      Compliance Operator - ProfileBundle ocp4 - rule ocp4-kubelet-configure-tls-cipher-suites

      2. What is the nature and description of the request?

       

      The customer (MUFG) requested to check against this:

      "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256"

      instead of the current default value in the rule.yml:

      "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
      TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
      TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
      TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"

       

      3. Why does the customer need this? (List the business requirements here)

      This is their company's security requirement to use other CIPHERs for the cluster.

       

      4. List any affected packages or components.

      The customer is targeting to go live on OCP 4.9 with the Compliance Operator. Thanks!

            wenshen@redhat.com Vincent Shen
            dcaspin@redhat.com Doron Caspin