-
Bug
-
Resolution: Done-Errata
-
Normal
-
4.17.0
-
Quality / Stability / Reliability
-
False
-
-
None
-
Important
-
None
-
Rejected
-
Auth Feature Team - Sprint 268, Auth Feature Team - Sprint 269
-
2
-
+
-
Proposed
-
Release Note Not Required
-
The "Modern" TLS security profile was documented as supported in 4.16, but it didn't actually work, support for TLS 1.3 and proper handling of the Modern profile was added in 4.19, ensuring the profile now works as expected
Description of problem:
Modern TLS security profile is one of 4.16 we support, see https://docs.openshift.com/container-platform/4.16/security/tls-security-profiles.html, but actually it dones't work.
Version-Release number of selected component (if applicable):
$ oc get clusterversion
NAME VERSION AVAILABLE PROGRESSING SINCE STATUS
version 4.16.0-0.nightly-2024-08-21-192930 True False 5h42m Cluster version is 4.16.0-0.nightly-2024-08-21-192930
How reproducible:
always
Steps to Reproduce:
1. $ oc patch apiservers/cluster --type=merge -p '{"spec": {"tlsSecurityProfile":{"modern":{},"type":"Modern"}}}'
The APIServer "cluster" is invalid: spec.tlsSecurityProfile.type: Unsupported value: "Modern": supported values: "Old", "Intermediate", "Custom"
Actual results:
Modern TLS security profile doesn't work
Expected results:
Modern TLS security profile should work
Additional info:
- blocks
-
-
- POST
-
- is cloned by
-
-
- POST
-
- is related to
-
API-1854 Enable TLS v1.3
-
- Closed
-
-
OCPSTRAT-1364 Support TLS v1.3: Improve validation of TLS Modern Profile for Control-Plane components
-
- Closed
-
- is triggering
-
API-1895 Corrective Measure for OCPBUGS-37706: Modern TLS security profile support
-
- Closed
-
- links to
-
RHEA-2024:11038
OpenShift Container Platform 4.19.z bug fix update
