Description of problem:
Disable TLSv1.0 and/or TLSv1.1 via a Router variable versus needing to customize the router template.
https://github.com/openshift/origin/blob/master/images/router/haproxy/conf/haproxy-config.template#L52
Set this line if disabling TLS versions.
ssl-default-bind-options no-sslv3 no-tlsv10 no-tlsv11
Maybe the change would look like this:
3.7+
ssl-default-bind-options no-sslv3 {{- if isTrue (env "DISABLE_TLSv10") }} no-tlsv10 {{- end }} {{- if isTrue (env "DISABLE_TLSv11") }} no-tlsv11 {{- end }}
3.6 or less
ssl-default-bind-options no-sslv3 {{- if matchPattern "true|TRUE" (env "DISABLE_TLSv10" "") }} no-tlsv10 {{- end }} {{- if matchPattern "true|TRUE" (env "DISABLE_TLSv11" "") }} no-tlsv11 {{- end }}
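Added example, not part of the original report and not the router's own code: it renders both proposed lines with Go's text/template to show the haproxy option string each variable value produces. The `env`, `isTrue` and `matchPattern` helpers are simplified stand-ins (assumptions) for the router's template functions, and `vars` is a constructed substitute for the pod environment; under these stand-ins the value `True` turns the options on in the 3.7+ form but leaves TLSv1.0 and TLSv1.1 enabled in the 3.6 form.

```go
package main

import (
	"fmt"
	"regexp"
	"strconv"
	"strings"
	"text/template"
)

// The two proposed lines from the report; the 3.7+ form closes each action before the option.
const line37 = `ssl-default-bind-options no-sslv3 {{- if isTrue (env "DISABLE_TLSv10") }} no-tlsv10 {{- end }} {{- if isTrue (env "DISABLE_TLSv11") }} no-tlsv11 {{- end }}`
const line36 = `ssl-default-bind-options no-sslv3 {{- if matchPattern "true|TRUE" (env "DISABLE_TLSv10" "") }} no-tlsv10 {{- end }} {{- if matchPattern "true|TRUE" (env "DISABLE_TLSv11" "") }} no-tlsv11 {{- end }}`

// render executes one template line against vars, a constructed stand-in for
// the router pod's environment. The helpers are assumptions, not project code.
func render(line string, vars map[string]string) (string, error) {
	funcs := template.FuncMap{
		"env": func(name string, def ...string) string {
			if v := vars[name]; v != "" {
				return v
			}
			if len(def) > 0 {
				return def[0]
			}
			return ""
		},
		"isTrue": func(s string) bool { b, _ := strconv.ParseBool(s); return b },
		"matchPattern": func(p, s string) bool {
			ok, _ := regexp.MatchString("^(?:"+p+")$", s)
			return ok
		},
	}
	t, err := template.New("bind").Funcs(funcs).Parse(line)
	if err != nil {
		return "", err
	}
	var out strings.Builder
	err = t.Execute(&out, nil)
	return out.String(), err
}

func main() {
	for _, v := range []string{"", "true", "True"} {
		vars := map[string]string{"DISABLE_TLSv10": v, "DISABLE_TLSv11": v}
		a, _ := render(line37, vars)
		b, _ := render(line36, vars)
		fmt.Printf("value=%q\n  3.7+: %s\n  3.6 : %s\n", v, a, b)
	}
}
```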
Red Hat is moving OpenShift feature requests to a new JIRA RFE system. This bz (RFE) has been identified as a feature request which is still being evaluated and has been moved.
As the new Jira RFE system is not yet public, Red Hat Support can help answer your questions about your RFEs via the same support case system.
https://.jira.coreos.com/browse/RFE-167