  1. OpenShift Container Platform (OCP) Strategy
  2. OCPSTRAT-370

Update ETCD datastore encryption to use AES-GCM instead of AES-CBC

    • OCPSTRAT-28 Secure the Platform
    • 0% To Do, 0% In Progress, 100% Done

      1. Proposed title of this feature request:

      Update ETCD datastore encryption to use AES-GCM instead of AES-CBC

      2. What is the nature and description of the request?

      The current ETCD datastore encryption solution uses the aes-cbc cipher. This cipher is now considered "weak" and is susceptible to a padding oracle attack. Upstream recommends using the AES-GCM cipher. AES-GCM will require automation to rotate secrets every 200k writes.

      The cipher used is hard-coded.

      3. Why is this needed? (List the business requirements here).

      Security-conscious customers will not accept the presence and use of weak ciphers in an OpenShift cluster. Continuing to use the AES-CBC cipher will create friction in sales and, for existing customers, may result in OpenShift being blocked from being deployed in production.

      4. List any affected packages or components.

            wcabanba@redhat.com William Caban
            knewcome@redhat.com Kirsten Newcomer
            David Eads, Michal Fojtik
            Jianwei Hou
            Stephanie Stout
            David Eads
            Eric Rich
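
The difference between the two ciphers named in this request, as an added example that is not part of the original issue or of OpenShift's code: AES-CBC on its own decrypts a modified ciphertext without signalling anything, while AES-GCM's authentication tag makes decryption fail. The record, the all-zero demo key and the function names are constructed for illustration, and the code uses Go's standard crypto packages rather than the Kubernetes encryption provider.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// Constructed sample: 32 bytes (two AES blocks) standing in for a stored value.
var record = []byte("token=constructed-sample-0000000")

// setup returns an AES block cipher for key plus n fresh random bytes (IV or nonce).
func setup(key []byte, n int) (cipher.Block, []byte) {
	block, err := aes.NewCipher(key)
	r := make([]byte, n)
	if _, rerr := rand.Read(r); err != nil || rerr != nil {
		panic("bad key length or RNG failure")
	}
	return block, r
}

// cbcDecryptAfter encrypts record with AES-CBC, XORs flip into ciphertext byte 0, decrypts.
func cbcDecryptAfter(key []byte, flip byte) []byte {
	block, iv := setup(key, aes.BlockSize)
	buf := make([]byte, len(record))
	cipher.NewCBCEncrypter(block, iv).CryptBlocks(buf, record)
	buf[0] ^= flip // flip == 0 leaves the ciphertext untouched
	cipher.NewCBCDecrypter(block, iv).CryptBlocks(buf, buf) // CBC has no error path
	return buf
}

// gcmDecryptAfter does the same with AES-GCM, which verifies a tag before returning data.
func gcmDecryptAfter(key []byte, flip byte) ([]byte, error) {
	block, nonce := setup(key, 12) // 96-bit nonce; it must never repeat under one key
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	ct := aead.Seal(nil, nonce, record, nil)
	ct[0] ^= flip
	return aead.Open(nil, nonce, ct, nil)
}

func main() {
	key := make([]byte, 32) // constructed all-zero demo key, not for real use
	_, err := gcmDecryptAfter(key, 0x01)
	fmt.Println("CBC intact:", string(cbcDecryptAfter(key, 0x01)) == string(record), "| GCM:", err)
}
```

With a one-bit change, the CBC output differs from the original record and no error is raised, whereas the GCM call returns an authentication error and no plaintext.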