Bug 1425941 - [RFE] Configurable minimum TLS version
Summary: [RFE] Configurable minimum TLS version
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: RFE
Version: 3.4.0
Hardware: Unspecified
OS: Unspecified
high
high
Target Milestone: ---
: ---
Assignee: Jordan Liggitt
QA Contact: Meng Bo
URL:
Whiteboard:
Depends On:
Blocks: 1429609
TreeView+ depends on / blocked
 
Reported: 2017-02-22 20:07 UTC by Steven Walter
Modified: 2020-04-15 15:20 UTC (History)
9 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
: 1429609 (view as bug list)
Environment:
Last Closed: 2017-03-27 13:09:20 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)

Description Steven Walter 2017-02-22 20:07:02 UTC 
1. Proposed title of this feature request
 Configurable minimum TLS version

3. What is the nature and description of the request?
 As of OCP 3.4, the minimum permitted TLS version is 1.2. This is good for security. While 1.2 should definitely be default, customer would like to be able to configure this to a lower value if desired.

4. Why does the customer need this? (List the business requirements here)
 Customer has an external loadbalancer (NetScaler) that does not have support for TLS 1.2 so is unable to be used to communicate to masters.

5. How would the customer like to achieve this? (List the functional requirements here)
 Instead of 1.2 being minimum, have minimum be configurable with 1.2 as default minimum.

7. Is there already an existing RFE upstream or in Red Hat bugzilla?
 Not that I see.
Comment 9 Brenton Leanhardt 2017-03-27 13:09:20 UTC 
This was cloned so that it could be immediately fixed on the 3.4 codebase.  Jordan also committed it to the 3.5 codebase so I'm closing this CURRENTRELEASE.
Note You need to log in before you can comment on or make changes to this bug.