Uploaded image for project: 'OpenShift Container Platform (OCP) Strategy'
  1. OpenShift Container Platform (OCP) Strategy
  2. OCPSTRAT-1070

TLS Cypher configuration for MicroShift

XMLWordPrintable

    • Product / Portfolio Work
    • None
    • False
    • Hide

      None

      Show
      None
    • False
    • S
    • None
    • None

      Feature Overview (aka. Goal Summary)

      Allows customers to  configure TLS and Cypher used by MicroShift

      Goals (aka. expected user outcomes)

      • Customers (esp. in the public sector) can configure which TLS version and which TLS Ciphers are offered/used by TLS endpoints of MicroShift. 

      Requirements (aka. Acceptance Criteria):

      1. For all MicroShift endpoints that use TLS (API, Router, Kubelet, etcd, ????), provide a way to pass allowed tls cipher suit configuration, e.g.

      {{ }}

      apiServer:
   tlsCipherSuites:
      - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
      - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384

       

      Out of Scope

      n/a

      Background

      none

      Customer Considerations

      none

      Documentation Considerations

      • Configuration option needs to be documented in the "configuring" book
      • Optionally, as this is relevant to networking, the same parts could be in the "networking" book under "Configuring TLS cipher suites"

      Interoperability Considerations

      None

       

              dfroehli42rh Daniel Fröhlich
              dfroehli42rh Daniel Fröhlich
              None
              None
              Geri Peterson Geri Peterson
              John George John George
              Shauna Diaz Shauna Diaz
              Jon Thomas Jon Thomas
              Pablo Acevedo Montserrat Pablo Acevedo Montserrat
              Votes:
              1 Vote for this issue
              Watchers:
              4 Start watching this issue

                Created:
                Updated:
                Resolved: