OpenShift Bugs / OCPBUGS-25594

tlsSecurityProfile definitions do not align with documentation


    • Sprint 247, Sprint 248, Sprint 249, Sprint 250, Sprint 251, Sprint 252, Sprint 253, Sprint 254, NE Sprint 255
    • Rejected



      Description of problem:

      tlsSecurityProfile definitions do not align with documentation.
      When using `oc explain` the field descriptions note that certain values are unsupported, but the same values are supported in the OpenShift Documentation. 
      This needs to be clarified and the spacing should be fixed in the descriptions as they are hard to understand.

      Version-Release number of selected component (if applicable):


      How reproducible:

      ⇒ oc explain ingresscontroller.spec.tlsSecurityProfile.modern   

      Steps to Reproduce:

          1. Check the `oc explain` output

      Actual results:

          ⇒ oc explain ingresscontroller.spec.tlsSecurityProfile.modern
          KIND:     IngressController
          VERSION:  operator.openshift.io/v1

          DESCRIPTION:
               modern is a TLS security profile based on:
               https://wiki.mozilla.org/Security/Server_Side_TLS#Modern_compatibility and
               looks like this (yaml):
               ciphers: - TLS_AES_128_GCM_SHA256 - TLS_AES_256_GCM_SHA384 -
               TLS_CHACHA20_POLY1305_SHA256 minTLSVersion: TLSv1.3 NOTE: Currently
               unsupported.

      Expected results:

          An output that aligns with the documentation regarding support/unsupported TLS versions. Additionally, fixing the output format would be useful as it is very hard to understand/read in its current form.
      Here in the 4.14 Documentation, it states:
      The HAProxy Ingress Controller image supports TLS 1.3 and the Modern profile.

      Additional info:

      The `apiserver` CR should also be checked for the same thing.    

            rhn-support-misalunk Miheer Salunke
            rhn-support-mwasher Michael Washer
            Shudi Li Shudi Li
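An added example, not part of the original report or of OpenShift: a small parser that recovers the profile embedded in the flattened `oc explain` description quoted above and flags the support note, so the same check can be repeated for the `ingresscontroller` and `apiserver` fields. The function names are hypothetical, and it assumes the description keeps the "looks like this (yaml):" marker and the `ciphers` / `minTLSVersion` keys seen in the quoted output.

```python
import re

# Constructed sample: the `oc explain` output quoted in this report.
SAMPLE = """\
KIND:     IngressController
VERSION:  operator.openshift.io/v1
DESCRIPTION:
     modern is a TLS security profile based on:
     https://wiki.mozilla.org/Security/Server_Side_TLS#Modern_compatibility and
     looks like this (yaml):
     ciphers: - TLS_AES_128_GCM_SHA256 - TLS_AES_256_GCM_SHA384 -
     TLS_CHACHA20_POLY1305_SHA256 minTLSVersion: TLSv1.3 NOTE: Currently
     unsupported.
"""

def parse_profile_description(text):
    """Recover ciphers, minTLSVersion and the support note (hypothetical helper)."""
    # Collapse line wrapping so values split across lines are rejoined.
    flat = " ".join(text.split())
    marker = "looks like this (yaml):"
    start = flat.find(marker)
    if start == -1:
        raise ValueError("no embedded profile in description")
    # Anything after "NOTE:" is the free-text support note (may be absent).
    body, _, note = flat[start + len(marker):].partition("NOTE:")
    m = re.search(r"ciphers:(.*?)minTLSVersion:\s*(\S+)", body)
    if not m:
        raise ValueError("ciphers/minTLSVersion not found")
    # List markers are standalone "-" tokens; cipher names may contain hyphens.
    ciphers = [tok for tok in m.group(1).split() if tok != "-"]
    return {
        "ciphers": ciphers,
        "minTLSVersion": m.group(2),
        "note": note.strip(),
        "marked_unsupported": "unsupported" in note.lower(),
    }

def render_yaml(profile):
    """Render the recovered profile as readable YAML."""
    lines = ["ciphers:"] + [f"  - {c}" for c in profile["ciphers"]]
    lines.append(f"minTLSVersion: {profile['minTLSVersion']}")
    return "\n".join(lines)

if __name__ == "__main__":
    profile = parse_profile_description(SAMPLE)
    print(render_yaml(profile))
    if profile["marked_unsupported"]:
        print("# description note:", profile["note"])
```
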