Skip to content

Commit

Permalink
Update ciphers in ingress controller remediation
Browse files Browse the repository at this point in the history 
Since we're updating the recommended OCIL, we can also update the
remediation shipped with the content so that it matches. This will allow
users to apply a remediation that updates their TLS ciphers so their
either Recommended or Secure.

This commit has a dependency on a permission change to the operator
cluster role so that it can actually apply the remediation at runtime:

  ComplianceAsCode/compliance-operator#558
  • Loading branch information
@rhmdnd
rhmdnd committed Aug 14, 2024
1 parent 64cf1a6 commit cd81b94
Showing 1 changed file with 6 additions and 0 deletions.
6 changes: 6 additions & 0 deletions ...shift/kubelet/kubelet_configure_tls_cipher_suites_ingresscontroller/kubernetes/shared.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -11,6 +11,12 @@ spec:
ciphers:
- ECDHE-ECDSA-AES128-GCM-SHA256
- ECDHE-RSA-AES128-GCM-SHA256
- ECDHE-ECDSA-CHACHA20-POLY1305
- ECDHE-RSA-AES256-GCM-SHA384
- ECDHE-RSA-CHACHA20-POLY1305
- ECDHE-ECDSA-AES256-GCM-SHA384
- TLS_AES_128_GCM_SHA256
- TLS_AES_256_GCM_SHA384
- TLS_CHACHA20_POLY1305_SHA256
minTLSVersion: VersionTLS12
type: Custom

0 comments on commit cd81b94

Please sign in to comment.