Remove outdated ciphers from API server flags #3766

Open
AndiDog opened this issue Nov 14, 2024 · 2 comments
AndiDog commented Nov 14, 2024

The cluster chart hardcodes a cipher list. Because of AWS ELB health checks not supporting newer ciphers (kubernetes-sigs/cluster-api-provider-aws#5139), we need to keep a few RSA-based ones. When comparing the latest secure ciphers preferred in Go 1.23 to our list ({{- define "cluster.internal.controlPlane.kubeadm.clusterConfiguration.apiServer.tlsCipherSuites" }}), there are however two ciphers that likely can go away:

  • TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305
  • TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305

Both have newer *_SHA256 alternatives supported in Go.
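An added example, not part of the original issue or the cluster chart: a small Go audit that classifies a configured cipher suite list against `crypto/tls`. In `crypto/tls` the two names listed above are legacy constants with the same suite IDs as their `*_SHA256` counterparts, which the audit reports as aliases. The sample list is constructed, and `Audit` and `legacyAliases` are names introduced here.

```go
package main

import (
	"crypto/tls"
	"fmt"
)

// Legacy crypto/tls constant names (no _SHA256 suffix). Go defines them as
// aliases of the *_SHA256 constants, so each pair shares one suite ID.
var legacyAliases = map[string]uint16{
	"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305":   tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,
	"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305": tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
}

// Audit returns a verdict per configured name: "secure", "insecure",
// "unknown", or "alias of <canonical name>" for a legacy name.
func Audit(configured []string) map[string]string {
	known := map[string]string{}
	for _, s := range tls.CipherSuites() {
		known[s.Name] = "secure"
	}
	for _, s := range tls.InsecureCipherSuites() {
		known[s.Name] = "insecure"
	}
	out := map[string]string{}
	for _, name := range configured {
		if id, ok := legacyAliases[name]; ok {
			out[name] = "alias of " + tls.CipherSuiteName(id)
		} else if v, ok := known[name]; ok {
			out[name] = v
		} else {
			out[name] = "unknown"
		}
	}
	return out
}

func main() {
	// Constructed sample list, not the cluster chart's actual value.
	sample := []string{
		"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
		"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305",
		"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",
		"TLS_RSA_WITH_RC4_128_SHA",
		"TLS_EXAMPLE_NOT_A_SUITE",
	}
	verdicts := Audit(sample)
	for _, name := range sample {
		fmt.Printf("%-46s %s\n", name, verdicts[name])
	}
}
```

Verdicts come from the Go toolchain that builds the program, so run it with the same Go version as the API server binary being configured.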

@AndiDog AndiDog added this to Roadmap Nov 14, 2024
@github-project-automation github-project-automation bot moved this to Inbox 📥 in Roadmap Nov 14, 2024
@njuettner njuettner self-assigned this Nov 22, 2024
@njuettner njuettner moved this from Up Next ➡️ to In Progress ⛏️ in Roadmap Nov 22, 2024
@architectbot architectbot added the team/tenet Team Tenet label Nov 22, 2024
@yulianedyalkova

Let's also please only ship this feature with v30 releases.

@yulianedyalkova

Currently blocked on #3778.

@njuettner njuettner moved this from Blocked / Waiting ⛔️ to In Progress ⛏️ in Roadmap Nov 29, 2024