Uploaded image for project: 'OpenShift Bugs'
  1. OpenShift Bugs
  2. OCPBUGS-3288

OCP 4.10.33 uses a weak 3DES cipher in the VMWare CSI Operator for communication and provides no method to disable it

    XMLWordPrintable

Details

    • Bug
    • Resolution: Done
    • Normal
    • None
    • 4.10.z
    • Storage / Operators
    • Moderate
    • Hide

      None

      Show
      None

    Description

      This is a clone of issue OCPBUGS-2083. The following is the description of the original issue:

      Description of problem:
      Currently we are running VMWare CSI Operator in OpenShift 4.10.33. After running vulnerability scans, the operator was discovered to be running a known weak cipher 3DES. We are attempting to upgrade or modify the operator to customize the ciphers available. We were looking at performing a manual upgrade via Quay.io but can't seem to pull the image and was trying to steer away from performing a custom install from scratch. Looking for any suggestions into mitigated the weak cipher in the kube-rbac-proxy under VMware CSI Operator.

      Version-Release number of selected component (if applicable):

 

      How reproducible:

       

      Steps to Reproduce:

      1.
2.
3.

      Actual results:

       

      Expected results:

       

      Additional info:

       

      Attachments

        Issue Links

          clones

          Bug - A problem which impairs or prevents the functions of the product. OCPBUGS-2083 OCP 4.10.33 uses a weak 3DES cipher in the VMWare CSI Operator for communication and provides no method to disable it

          • Normal - To be worked after urgent and high priorities are resolved. This term is chosen when the severity of an issue is relatively close to the level of effort to fix it. The existence of an easily implemented workaround can also lead to this priority level instead of a higher priority.
          • Verified
          is blocked by

          Bug - A problem which impairs or prevents the functions of the product. OCPBUGS-3285 OCP 4.10.33 uses a weak 3DES cipher in the VMWare CSI Operator for communication and provides no method to disable it

          • Normal - To be worked after urgent and high priorities are resolved. This term is chosen when the severity of an issue is relatively close to the level of effort to fix it. The existence of an easily implemented workaround can also lead to this priority level instead of a higher priority.
          • Closed
          links to

          GitHub openshift/library-go#1416: [release-4.10] OCPBUGS-3288: set default list of TLS ciphers for Kube RBAC sidecars

          GitHub openshift/vmware-vsphere-csi-driver-operator#120: [release-4.10] OCPBUGS-3288: set TLS cipher suites in Kube RBAC sidecars

          Activity

            Public project attachment banner

              context keys: [headless, issue, helper, isAsynchronousRequest, project, action, user]
              current Project key: OCPBUGS

              People

                jdobson@redhat.com Jonathan Dobson
                openshift-crt-jira-prow OpenShift Prow Bot
                Wei Duan Wei Duan
                Votes:
                0 Vote for this issue
                Watchers:
                5 Start watching this issue

                Dates

                  Created:
                  Updated:
                  Resolved: