Bug 1425941

Summary: [RFE] Configurable minimum TLS version
Product: OpenShift Container Platform
Reporter: Steven Walter <stwalter>
Component: RFE
Assignee: Jordan Liggitt <jliggitt>
Status: CLOSED CURRENTRELEASE
QA Contact: Meng Bo <bmeng>
Severity: high
Priority: high
Version: 3.4.0
CC: agoldste, aos-bugs, asolanas, bleanhar, erich, jokerman, meggen, mmccomas, wsun
Clone Of:
: 1429609
Last Closed: 2017-03-27 13:09:20 UTC
Type: Bug
Bug Blocks: 1429609

Description Steven Walter 2017-02-22 20:07:02 UTC
1. Proposed title of this feature request
 Configurable minimum TLS version

3. What is the nature and description of the request?
 As of OCP 3.4, the minimum permitted TLS version is 1.2. This is good for security. While 1.2 should definitely be default, customer would like to be able to configure this to a lower value if desired.

4. Why does the customer need this? (List the business requirements here)
 Customer has an external loadbalancer (NetScaler) that does not have support for TLS 1.2 so is unable to be used to communicate to masters.

5. How would the customer like to achieve this? (List the functional requirements here)
 Instead of 1.2 being minimum, have minimum be configurable with 1.2 as default minimum.

7. Is there already an existing RFE upstream or in Red Hat bugzilla?
 Not that I see.
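
A sketch of the behaviour requested above, added here as an example and not taken from the OpenShift code base: the setting name `minTLSVersion` and the accepted value names are assumptions. An empty setting keeps TLS 1.2, an unknown value is rejected instead of falling back, and a lowered floor is reported so it can be logged at startup.

```go
package main

import (
	"crypto/tls"
	"fmt"
)

// Value names accepted by the hypothetical minTLSVersion setting (assumed).
var tlsVersions = map[string]uint16{
	"VersionTLS10": tls.VersionTLS10,
	"VersionTLS11": tls.VersionTLS11,
	"VersionTLS12": tls.VersionTLS12,
}

// DefaultMinTLS is the floor used when the setting is absent.
const DefaultMinTLS = tls.VersionTLS12

// ParseMinTLS maps a configured name to a crypto/tls version constant.
// Empty means "not configured"; unknown names are an error so that a typo
// cannot silently change the floor.
func ParseMinTLS(name string) (uint16, error) {
	if name == "" {
		return DefaultMinTLS, nil
	}
	v, ok := tlsVersions[name]
	if !ok {
		return 0, fmt.Errorf("unknown minTLSVersion %q", name)
	}
	return v, nil
}

// ServingConfig builds the server tls.Config and reports whether the
// configured floor is below the default.
func ServingConfig(name string) (cfg *tls.Config, weakened bool, err error) {
	v, err := ParseMinTLS(name)
	if err != nil {
		return nil, false, err
	}
	return &tls.Config{MinVersion: v}, v < DefaultMinTLS, nil
}

func main() {
	// Constructed inputs: unset, lowered, and a misspelled value.
	for _, name := range []string{"", "VersionTLS10", "TLS1.0"} {
		if cfg, weakened, err := ServingConfig(name); err != nil {
			fmt.Println("rejected:", err)
		} else {
			fmt.Printf("%q -> MinVersion=0x%04x weakened=%v\n", name, cfg.MinVersion, weakened)
		}
	}
}
```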

Comment 9 Brenton Leanhardt 2017-03-27 13:09:20 UTC
This was cloned so that it could be immediately fixed on the 3.4 codebase.  Jordan also committed it to the 3.5 codebase so I'm closing this CURRENTRELEASE.