-
Feature
-
Resolution: Done
-
Critical
-
None
-
BU Product Work
-
False
-
False
1. Proposed title of this feature request
Compliance Operator - ProfileBundle ocp4 - rule ocp4-kubelet-configure-tls-cipher-suites
2. What is the nature and description of the request?
The customer (MUFG) requested to check against this "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256"
instead of
what the current default value for the rule.yml
"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"
3. Why does the customer need this? (List the business requirements here)
This is their company's security requirement to use other CIPHERs for the cluster.
4. List any affected packages or components.
The customer is targeting to go live on OCP 4.9 with the Compliance Operator. Thanks!
- is cloned by
-
CMP-1231 Add cipher suite value to the ProfileBundle ocp4 - rule ocp4-kubelet-configure-tls-cipher-suites
- Closed