-
Bug
-
Resolution: Unresolved
-
Normal
-
4.17.0
-
Quality / Stability / Reliability
-
False
-
-
None
-
Important
-
None
-
In Progress
-
Bug Fix
-
The "Modern" TLS security profile was documented as supported in 4.16, but it didn't actually work, support for TLS 1.3 and proper handling of the Modern profile was added in 4.19, ensuring the profile now works as expected
-
None
-
None
-
None
-
None
This is a clone of issue OCPBUGS-37706. The following is the description of the original issue:
—
Description of problem:
Modern TLS security profile is one of 4.16 we support, see https://docs.openshift.com/container-platform/4.16/security/tls-security-profiles.html, but actually it dones't work.
Version-Release number of selected component (if applicable):
$ oc get clusterversion
NAME VERSION AVAILABLE PROGRESSING SINCE STATUS
version 4.16.0-0.nightly-2024-08-21-192930 True False 5h42m Cluster version is 4.16.0-0.nightly-2024-08-21-192930
How reproducible:
always
Steps to Reproduce:
1. $ oc patch apiservers/cluster --type=merge -p '{"spec": {"tlsSecurityProfile":{"modern":{},"type":"Modern"}}}'
The APIServer "cluster" is invalid: spec.tlsSecurityProfile.type: Unsupported value: "Modern": supported values: "Old", "Intermediate", "Custom"
Actual results:
Modern TLS security profile doesn't work
Expected results:
Modern TLS security profile should work
Additional info:
- clones
-
-
- Closed
-
- is blocked by
-
-
- Closed
-
- links to