  1. Red Hat OpenShift Control Planes
  2. CNTRLPLANE-2618

Investigate ports still using TLSv1.2


    • In Progress
    • Product / Portfolio Work
    • OCPSTRAT-2028 Evaluate Readiness Requirements for PQC in Control Planes Components
    • 80% To Do, 20% In Progress, 0% Done

      After running a tls-scanner job against a v4.22 cluster globally configured to use TLSv1.3, some pods remain using TLSv1.2. They don't seem to be respecting the global configuration.

      We need to go and investigate them one by one. This is the list of pods (and respective ports) that were still answering with TLSv1.2:

      NAMESPACE NAME PORT
      openshift-apiserver apiserver-5fbff9b44b-568hh 17698
      openshift-apiserver-operator openshift-apiserver-operator-7ff879d85c-fzdfr 8443
      openshift-controller-manager controller-manager-8b7bf444-h4jcb 8443
      openshift-controller-manager-operator openshift-controller-manager-operator-558b7d8f87-n6m27 8443
      openshift-etcd-operator etcd-operator-5d8b59ffcd-h4tkv 8443
      openshift-kube-apiserver kube-apiserver-ip-10-0-84-244.us-west-1.compute.internal 17697
      openshift-kube-apiserver-operator kube-apiserver-operator-88bd856c8-zxmdn 8443
      openshift-kube-controller-manager-operator kube-controller-manager-operator-b98bf9c49-wkzdm 8443

      The entire scan result can be found here and was executed on a Single Node deployment.

              dwest@redhat.com Dean West
              rmarasch@redhat.com Ricardo Maraschini
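
One way to re-check a single endpoint from the list above once a component has been changed, as an added example (not part of the ticket and not tls-scanner's code): the client offers TLS 1.2 only and reports whether the handshake completes. `Result` and `ProbeTLS12` are names made up for this example, and endpoints are passed as `host:port` arguments.

```go
package main

import (
	"crypto/tls"
	"fmt"
	"net"
	"os"
	"time"
)

// Result is a hypothetical record of one probe (name chosen for this example).
type Result struct {
	Reachable    bool   // TCP connect succeeded
	AcceptsTLS12 bool   // handshake completed with TLS 1.2 as the only offered version
	Detail       string // connect/handshake error text, or the negotiated version
}

// ProbeTLS12 offers TLS 1.2 only. An endpoint that enforces a TLS 1.3
// minimum has to refuse the handshake; one that completes it is still
// serving TLS 1.2, whatever the global profile says.
func ProbeTLS12(addr string, timeout time.Duration) Result {
	raw, err := net.DialTimeout("tcp", addr, timeout)
	if err != nil {
		return Result{Detail: "connect: " + err.Error()}
	}
	defer raw.Close()
	raw.SetDeadline(time.Now().Add(timeout))
	conn := tls.Client(raw, &tls.Config{
		MinVersion: tls.VersionTLS12,
		MaxVersion: tls.VersionTLS12,
		// Only the protocol version is under test, not certificate trust.
		InsecureSkipVerify: true,
	})
	if err := conn.Handshake(); err != nil {
		return Result{Reachable: true, Detail: "handshake: " + err.Error()}
	}
	v := conn.ConnectionState().Version
	return Result{true, v == tls.VersionTLS12, fmt.Sprintf("negotiated 0x%04x", v)}
}

func main() {
	if len(os.Args) < 2 {
		fmt.Fprintln(os.Stderr, "usage: probe host:port [host:port ...]")
		os.Exit(2)
	}
	for _, addr := range os.Args[1:] {
		r := ProbeTLS12(addr, 5*time.Second)
		fmt.Printf("%s reachable=%t accepts_tls12=%t (%s)\n", addr, r.Reachable, r.AcceptsTLS12, r.Detail)
	}
}
```

A `reachable=false` result says nothing about the TLS configuration; it only means the port could not be reached from where the probe ran.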