OpenShift Virtualization / CNV-79216

TLS configuration: Do not allow custom ciphers, if the minTLSVersion is TLS 1.3


      If the spec.tlsSecurityProfile.type is "Custom" and spec.tlsSecurityProfile.type.custom.minTLSVersion is VersionTLS13, then spec.tlsSecurityProfile.type.custom.ciphers must be empty.

      Any create or update request for the HyperConverged CR that tries to customize the ciphers when the minTLSVersion is VersionTLS13 must be rejected.

      If possible, use CEL in the CRD to implement this. If not, add this logic to the validating webhook.
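
A sketch of the webhook-side form of this check, added here as an example and not taken from the project's code. The struct types are simplified stand-ins for the TLS profile fields named above, and `ValidateTLSProfile`, `ErrCiphersWithTLS13` and the cipher strings are assumed names and constructed sample values.

```go
package main

import (
	"errors"
	"fmt"
)

// Simplified stand-ins for the profile fields named in the issue
// (assumed shapes for illustration, not the real API types).
type CustomTLSProfile struct {
	MinTLSVersion string
	Ciphers       []string
}

type TLSSecurityProfile struct {
	Type   string
	Custom *CustomTLSProfile
}

// ErrCiphersWithTLS13 is a hypothetical error the webhook would return.
var ErrCiphersWithTLS13 = errors.New(
	"custom ciphers must be empty when minTLSVersion is VersionTLS13")

// ValidateTLSProfile applies the rule to the profile of a create or update
// request. A nil error means the request passes this check.
func ValidateTLSProfile(p *TLSSecurityProfile) error {
	// The rule only applies to a populated Custom profile.
	if p == nil || p.Type != "Custom" || p.Custom == nil {
		return nil
	}
	if p.Custom.MinTLSVersion == "VersionTLS13" && len(p.Custom.Ciphers) > 0 {
		return ErrCiphersWithTLS13
	}
	return nil
}

func main() {
	// Constructed sample requests.
	samples := []*TLSSecurityProfile{
		{Type: "Custom", Custom: &CustomTLSProfile{
			MinTLSVersion: "VersionTLS13",
			Ciphers:       []string{"TLS_AES_128_GCM_SHA256"}}}, // rejected
		{Type: "Custom", Custom: &CustomTLSProfile{
			MinTLSVersion: "VersionTLS13"}}, // accepted: no ciphers
		{Type: "Custom", Custom: &CustomTLSProfile{
			MinTLSVersion: "VersionTLS12",
			Ciphers:       []string{"ECDHE-RSA-AES128-GCM-SHA256"}}}, // accepted
	}
	for i, s := range samples {
		fmt.Printf("sample %d: %v\n", i, ValidateTLSProfile(s))
	}
}
```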

              Unassigned Unassigned
              nunnatsa Nahshon Unna Tsameret