The attached email thread discusses some difficulties encountered by RH engineers in getting an external EAP client connected to a broker running in OpenShift via a secure connection. In the same thread, Roman also notes some findings from his SSL testing.

Use this discussion to make improvements to the documentation for SSL configuration for Broker on OpenShift. In particular:

• Improve the legibility of the CR configuration reference. Recommend against using the default list of cipher suites, as noted by Roman.
• Review the working example attached by Federico (https://drive.google.com/drive/folders/1fUPERnh40xeI1uGraoD89Qgqz2n0NIGP) and improve the procedures for configuring one and two-way SSL.