Article 55ZTJ Kubernetes Strong Ciphers

by metallica1973 from LinuxQuestions.org on (#55ZTJ)

Hello Linux Gods,

During regular security audits, we are being flagged for weak ciphers being used on several Kubernetes v1.15 clusters. These vulnerabilities are being spit out by Kubernetes itself residing on:

tcp: 6443,10250,443 - SSL Medium Strength Cipher Suites Supported

With that being said, I have scoured the internet and cannot find a straight answer on how to implement strong ciphers. I tried adding the different flags:

Code:
- --tls-cipher-suites=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
- --tls-min-version=VersionTLS12

Code:
tlsMinVersion: VersionTLS12
tlsCipherSuites: ['TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256','TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384','TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256']

updating all the YAML configs residing in:

/etc/kubernetes/manifests/*,/var/lib/kubelet/config.yaml

applying my changes:

Code:
kubectl apply -f /etc/kubernetes/manifests/{kube-apiserver,kube-controller-manager,kube-scheduler}.yaml

Essentially equivalent to this post

https://stackoverflow.com/questions/...r-certificates

Any help is greatly appreciated.
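
An added example, not part of the original post or of Kubernetes itself: a small Python check that reads the text of a static pod manifest or kubelet config and reports whether the `--tls-min-version` / `--tls-cipher-suites` flags (or `tlsMinVersion` / `tlsCipherSuites` fields) quoted above are present, duplicated, or include a weaker suite. The sample inputs are constructed, the function names are hypothetical, and treating 3DES and RC4 as the "medium strength" suites is an assumption about the scanner's rating.

```python
import re

# Assumption: the scanner's "medium strength" rating refers to 3DES (and RC4) suites.
WEAK_MARKERS = ("3DES", "RC4")
ACCEPTED_MIN = {"VersionTLS12", "VersionTLS13"}

# Constructed sample inputs (not taken from a real cluster).
APISERVER_MANIFEST = """\
spec:
  containers:
  - command:
    - kube-apiserver
    - --tls-min-version=VersionTLS12
    - --tls-cipher-suites=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
"""
KUBELET_CONFIG = """\
kind: KubeletConfiguration
tlsCipherSuites: ['TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256','TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384']
"""

def extract(text):
    """Return (min_version, suites) from flag-style or inline-list kubelet-config text."""
    ver = re.search(r"(?:--tls-min-version=|^tlsMinVersion:\s*)['\"]?(\w+)", text, re.M)
    line = re.search(r"(?:--tls-cipher-suites=|^tlsCipherSuites:\s*)(.+)$", text, re.M)
    suites = re.findall(r"TLS_\w+", line.group(1)) if line else []
    return (ver.group(1) if ver else None), suites

def audit(text):
    """Return a list of (issue, detail) findings for one file's contents."""
    ver, suites = extract(text)
    findings = []
    if ver is None:
        findings.append(("no-min-version", "component default applies"))
    elif ver not in ACCEPTED_MIN:
        findings.append(("low-min-version", ver))
    if not suites:
        findings.append(("no-suite-list", "component default applies"))
    for s in dict.fromkeys(suites):  # preserves order, visits each name once
        if suites.count(s) > 1:
            findings.append(("duplicate-suite", s))
        if any(marker in s for marker in WEAK_MARKERS):
            findings.append(("weak-suite", s))
    return findings

if __name__ == "__main__":
    for name, text in (("kube-apiserver.yaml", APISERVER_MANIFEST),
                       ("config.yaml", KUBELET_CONFIG)):
        for issue, detail in audit(text) or [("ok", "")]:
            print(f"{name}: {issue} {detail}")
```

The kubelet reads the files under /etc/kubernetes/manifests directly and reads /var/lib/kubelet/config.yaml when it starts, so the check is meant to be pointed at those files on each node.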