1. Proposed title of this feature request
Allow user to choose etcd encryption cipher
2. What is the nature and description of the request?
Extend the list of supported ciphers in OCP, and allow the customer to choose one of them to encrypt etcd.
Currently the customer is stuck with AES-CBC, which the Kubernetes documentation does not consider secure.
3. Why does the customer need this? (List the business requirements here)
Currently OCP only allows etcd to be encrypted using the AES-CBC cipher, which the Kubernetes documentation has recently recommended against: "encryption with aescbc is not recommended due to CBC's vulnerability to padding oracle attacks."
4. List any affected packages or components.
OCP
Note that this RFE has been opened with a broad scope: either decide to support the same ciphers that vanilla K8s supports, or let the team choose which of those it wants to provide as options in OCP.