Uploaded image for project: 'OpenShift Request For Enhancement'
  1. OpenShift Request For Enhancement
  2. RFE-1648

Ability to restrict ciphers used in oauth-proxy

XMLWordPrintable

    • False
    • False
    • Undefined

      1. Proposed title of this feature request
      Ability to restrict ciphers used in oauth-proxy

      2. What is the nature and description of the request?
      Certain ciphers in oauth-proxy are considered insecure and are requested to be dropped by the Federal Office for Information Security (Germany).

      It's therefore requested to limit the ciphers in https://github.com/openshift/oauth-proxy/blob/release-4.6/vendor/github.com/openshift/library-go/pkg/crypto/crypto.go#L255-L283 to the list from the above PDF or else provide functionality to specify the ciphers allowed via oauth-proxy command-line option.

      3. Why does the customer need this? (List the business requirements here)
      The ciphers considered secure by Federal Office for Information Security (Germany) are listed in BSI TR-02102-2 and companies in Germany are requested and recommended to follow these guidelines as strictly as possible to guarantee secure data exchange. Further in some areas the guidelines are mandatory to be followed and therefore customers have a need to comply accordingly with all tooling in use (including OpenShift Container Platform and oauth-proxy)

      4. List any affected packages or components.
      oauth-proxy

              anachand Anandnatraj Chandramohan (Inactive)
              rhn-support-sreber Simon Reber
              Votes:
              1 Vote for this issue
              Watchers:
              4 Start watching this issue

                Created:
                Updated:
                Resolved: