Uploaded image for project: 'OpenShift Bugs'
  1. OpenShift Bugs
  2. OCPBUGS-17459

Port 9447 is exposed with a weak cipher and TLS 1.0/TLS 1.1

XMLWordPrintable

    • Critical
    • No
    • Rejected
    • False
    • Hide

      None

      Show
      None

      Description of problem:

      
      Facing the same issue as JIRA[1] in OCP 4.12 and for the backport this bug solution to the OCP 4.12
      
      JIRA[1]: https://issues.redhat.com/browse/OCPBUGS-14064
      
      As port 9447 is exposed from the cluster in one of the control nodes and is using weak cipher and TLS 1.0/ TLS 1.1 , this is incompatible with the security standards for our product release. Either we should be able to disable this port or update the cipher and TLS version as the fix for meeting the security standards as you are aware TLS 1.0 & TLS 1.1 are pretty old and deprecated already.
      
      we confirmed that fips were enabled during cluster deployment by passing the key-value pair in the config file."~~~
      fips: true
      
      On JIRA[1] it is suggested to open a separate Bug for backporting. 
      
      

      Version-Release number of selected component (if applicable):

      
      

      How reproducible:

      
      

      Steps to Reproduce:

      1.
      2.
      3.
      

      Actual results:

      
      

      Expected results:

      
      

      Additional info:

      
      

            zabitter Zane Bitter
            openshift-crt-jira-prow OpenShift Prow Bot
            Jad Haj Yahya Jad Haj Yahya
            Votes:
            0 Vote for this issue
            Watchers:
            7 Start watching this issue

              Created:
              Updated:
              Resolved: