Bug 1540031

Summary: [Dedicated][RFE] CONTROL OF TLS VERSIONS SUPPORTED BY WEB INTERFACES ON THE OPENSHIFT DEDICATED PLATFORM
Product: OpenShift Online Reporter: Jatan Malde <jmalde>
Component: RFEAssignee: Abhishek Gupta <abhgupta>
Status: CLOSED WONTFIX QA Contact:
Severity: urgent Docs Contact:
Priority: urgent    
Version: 3.xCC: abhgupta, agawand, arghosh, cfedei, cscribne, hgomes, javier.leonperis, jdeenada, ksalunkh, mmariyan, pstrick, sople, sychen, tibrahim
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2019-04-30 14:53:50 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Jatan Malde 2018-01-30 06:32:44 UTC 
1.  Proposed title of this feature request

CONTROL OF TLS VERSIONS SUPPORTED BY WEB INTERFACES ON THE OPENSHIFT DEDICATED PLATFORM

2. What is the nature and description of the request?

Ability for the customer to switch on and off support for the different versions of TLS on web interfaces hosted on the OpenShift Dedicated platform, including the versions of TLS supported by the OpenShift Dedicated admin and developer web console.

3. Why do you need this? (List the business requirements here)

Company security requirement to support TLS1.2 and above only, due to vulnerability/weaknesses in older versions

4. How would you like to achieve this? (List the functional requirements here)

Security settings console on OpenShift Dedicated admin web console/interface to tick/untick TLS protocols versions supported.

5. For each functional requirement listed in question 4, specify how Red Hat   and the customer can test to confirm the requirement is successfully implemented.

Customer will log into web console and web pages hosted on OpenShift Dedicated platform and check HTTPS protocols supported by the server as reported by the web browser
Comment 17 kedar 2019-04-03 05:23:09 UTC 
Hello Team,

Any further updates on this issue.

Thanks,
Kedar
Comment 19 Patrick Strick 2019-04-30 14:53:50 UTC 
While we would love to be able to support every customer request, in this case we are not planning to pursue this RFE in the near future. This request, which is the ability for a customer to set (through a UI) the TLS versions allowed on the external web interfaces of an OpenShift Dedicated cluster, requires changes in OCP first that would allow an automated and supported method of setting the TLS version. Beyond that an interface to make this change would need to be developed. It is possible that we will look into this idea again in the future, but for now we want to set the appropriate expectations for you and keep our backlog limited to those items that have a good chance of being developed within our planning horizon.