  1. OpenShift Container Platform (OCP) Strategy
  2. OCPSTRAT-370

Update ETCD datastore encryption to use AES-GCM instead of AES-CBC

    • Strategic Product Work
    • OCPSTRAT-28 Secure the Platform
    • 0% To Do, 0% In Progress, 100% Done

      1. Proposed title of this feature request:

      Update ETCD datastore encryption to use AES-GCM instead of AES-CBC

      2. What is the nature and description of the request?

      The current ETCD datastore encryption solution uses the aes-cbc cipher. This cipher is now considered "weak" and is susceptible to padding oracle attacks. Upstream recommends using the AES-GCM cipher. AES-GCM will require automation to rotate secrets every 200k writes.

      The cipher used is hard-coded.
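An added example, not part of the original request and not OpenShift code: a check over an upstream Kubernetes EncryptionConfiguration that reports, per resource, which provider encrypts new writes and flags `aescbc` or `identity` in that position. It relies on the upstream format, in which the first provider listed is used for writes and later ones only for reads; the sample configuration, key names and function name are constructed for illustration.

```python
import json

# Constructed sample in the upstream Kubernetes EncryptionConfiguration format
# (JSON form). The key values are placeholders, not real key material.
SAMPLE_CONFIG = """
{"apiVersion": "apiserver.config.k8s.io/v1", "kind": "EncryptionConfiguration",
 "resources": [
   {"resources": ["secrets"],
    "providers": [
      {"aesgcm": {"keys": [{"name": "key2", "secret": "<BASE64-KEY>"}]}},
      {"aescbc": {"keys": [{"name": "key1", "secret": "<BASE64-KEY>"}]}},
      {"identity": {}}]},
   {"resources": ["configmaps"],
    "providers": [
      {"aescbc": {"keys": [{"name": "key1", "secret": "<BASE64-KEY>"}]}},
      {"identity": {}}]}]}
"""

# Providers that should not be first (the write position) in a provider list.
WEAK_WRITE_PROVIDERS = {
    "aescbc": "AES-CBC still encrypts new writes",
    "identity": "new writes are stored unencrypted",
}

def audit_write_providers(config_text):
    """Return one finding per resource, judged by its first (write) provider."""
    config = json.loads(config_text)
    if config.get("kind") != "EncryptionConfiguration":
        raise ValueError("not an EncryptionConfiguration document")
    findings = []
    for entry in config.get("resources", []):
        providers = [next(iter(p)) for p in entry.get("providers", []) if p]
        write = providers[0] if providers else None
        if write is None:
            status = "FAIL: no providers listed"
        elif write in WEAK_WRITE_PROVIDERS:
            status = "FAIL: " + WEAK_WRITE_PROVIDERS[write]
        elif write == "aesgcm":
            status = "OK: rotate the key every 200k writes"
        else:
            status = "OK"
        for resource in entry.get("resources", []):
            findings.append({"resource": resource, "write": write,
                             "read_only": providers[1:], "status": status})
    return findings

if __name__ == "__main__":
    for f in audit_write_providers(SAMPLE_CONFIG):
        print(f["resource"], "write=" + str(f["write"]), f["read_only"], f["status"])
```

An `aescbc` entry after the first position is expected during a migration, since it lets data written under the old key still be read until it has been rewritten.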

      3. Why is this needed? (List the business requirements here).

      Security-conscious customers will not accept the presence and use of weak ciphers in an OpenShift cluster. Continuing to use the AES-CBC cipher will create friction in sales and, for existing customers, may result in OpenShift being blocked from being deployed in production.

      4. List any affected packages or components.

              wcabanba@redhat.com William Caban
              knewcome@redhat.com Kirsten Newcomer
              David Eads, Michal Fojtik (Inactive)
              Jianwei Hou
              Stephanie Stout
              David Eads
              Eric Rich