Uploaded image for project: 'Cloud Infrastructure Security & Compliance'
  1. Cloud Infrastructure Security & Compliance
  2. CMP-1926

Add cipher suite value to the ProfileBundle ocp4 - rule ocp4-kubelet-configure-tls-cipher-suites

XMLWordPrintable

    • BU Product Work
    • False
    • False

      1. Proposed title of this feature request

       

      Compliance Operator - ProfileBundle ocp4 - rule ocp4-kubelet-configure-tls-cipher-suites

      2. What is the nature and description of the request?

       

      The customer (MUFG) requested to check against this "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256"

      instead of 

      what the current default value for the rule.yml

      "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

      TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384

      TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256

      TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"

       

      3. Why does the customer need this? (List the business requirements here)

      This is their company's security requirement to use other CIPHERs for the cluster.

       

      4. List any affected packages or components.

      The customer is targeting to go live on OCP 4.9 with the Compliance Operator. Thanks!

              dcaspin@redhat.com Doron Caspin
              shanna_chan Pui Chan
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Created:
                Updated:
                Resolved: