  1. OpenShift Request For Enhancement
  2. RFE-4958

Allow control of available signature algorithm for TLS in router pods


    • Feature Request
    • Resolution: Unresolved
    • openshift-4.12
    • Network Edge

      It is currently only possible to configure TLS profiles, including supported ciphers in a custom profile, with

      https://docs.openshift.com/container-platform/4.12/security/tls-security-profiles.html#tls-profiles-ingress-configuring_tls-security-profiles 

       

      But it is not possible to control the server signature algorithm.

      Customer wants to disable specific "Server Signature Algorithm(s)" based on a security audit, especially rsa_pkcs1_sha224, which is known to be weak.

      There seems to be a property implemented in https://www.haproxy.com/blog/announcing-haproxy-2-8#signing-algorithms-for-tls that could work.

      We need a similar config option in OpenShift.

            mcurry@redhat.com Marc Curry
            rhn-support-afaulhab Anne Faulhaber
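
An audit check for the setting this request asks for, as an added example that is not part of the original issue and is not OpenShift or HAProxy code: it scans an HAProxy configuration for the HAProxy 2.8 `ssl-default-bind-sigalgs` global directive and the per-bind `sigalgs` option, and reports TLS binds that allow a weak signature algorithm or carry no restriction at all. The sample configuration, file paths and the `audit_sigalgs` helper are constructed for illustration; the default weak marker is the `sha224` family named in the issue, and the caller can pass others.

```python
# Constructed sample configuration, not taken from a real router pod.
SAMPLE_CFG = """\
global
    ssl-default-bind-ciphers ECDHE-RSA-AES128-GCM-SHA256
    ssl-default-bind-sigalgs RSA+SHA256:rsa_pkcs1_sha224:ECDSA+SHA256

frontend fe_sni
    bind 127.0.0.1:10444 ssl crt /example/default.pem sigalgs RSA-PSS+SHA256:ECDSA+SHA256

frontend fe_no_sni
    bind 127.0.0.1:10443 ssl crt /example/default.pem

frontend public
    bind :80
"""


def audit_sigalgs(cfg_text, weak_markers=("sha224",)):
    """Return sorted (lineno, message) findings for TLS binds in an HAProxy config."""
    findings = []
    default_set = False
    tls_binds = []  # (lineno, has_own_sigalgs) for every bind that terminates TLS
    for lineno, raw in enumerate(cfg_text.splitlines(), 1):
        tokens = raw.split("#", 1)[0].split()  # drop trailing comments
        if not tokens:
            continue
        sigalgs = None
        if tokens[0] == "ssl-default-bind-sigalgs" and len(tokens) > 1:
            default_set, sigalgs = True, tokens[1]
        elif tokens[0] == "bind" and "ssl" in tokens[2:]:
            if "sigalgs" in tokens[:-1]:  # exact match, so client-sigalgs is ignored
                sigalgs = tokens[tokens.index("sigalgs") + 1]
            tls_binds.append((lineno, sigalgs is not None))
        # The list is colon-separated, in either RSA+SHA224 or rsa_pkcs1_sha224 form.
        for alg in (sigalgs or "").split(":"):
            if any(marker in alg.lower() for marker in weak_markers):
                findings.append((lineno, f"weak signature algorithm allowed: {alg}"))
    for lineno, has_own in tls_binds:
        if not has_own and not default_set:
            findings.append((lineno, "TLS bind has no sigalgs restriction (library defaults apply)"))
    return sorted(findings)


if __name__ == "__main__":
    for lineno, message in audit_sigalgs(SAMPLE_CFG):
        print(f"line {lineno}: {message}")
```
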