OpenShift Bugs / OCPBUGS-17459

Port 9447 is exposed with a weak cipher and TLS 1.0/TLS 1.1

Details

    • Critical
    • No
    • Rejected
    • False

    Description

      Description of problem:

      
      Facing the same issue as JIRA[1] in OCP 4.12, and requesting a backport of that bug's solution to OCP 4.12.
      
      JIRA[1]: https://issues.redhat.com/browse/OCPBUGS-14064
      
      As port 9447 is exposed from the cluster in one of the control nodes and is using a weak cipher and TLS 1.0/TLS 1.1, this is incompatible with the security standards for our product release. Either we should be able to disable this port, or the cipher and TLS version should be updated as the fix to meet the security standards; as you are aware, TLS 1.0 and TLS 1.1 are pretty old and already deprecated.
      
      We confirmed that FIPS was enabled during cluster deployment by passing the following key-value pair in the config file:

          fips: true
      
      On JIRA[1] it is suggested to open a separate Bug for backporting. 
      
      

            People

              zabitter Zane Bitter
              openshift-crt-jira-prow OpenShift Prow Bot
              Jad Haj Yahya Jad Haj Yahya