This is for 3.4.x. Will set target release appropriately when 3.4.2 is in the list
Per dmcphers, setting target release to latest 3.4.x
This has been merged into ocp and is in OCP v3.4.1.10 or newer.
Checked on v3.4.1.10 After change the master config as: servingInfo: ... minTLSVersion: VersionTLS11 cipherSuites: - TLS_RSA_WITH_3DES_EDE_CBC_SHA The TLS and cipher related info can be configured. Start 2017-03-09 22:20:01 -->> 10.66.147.225:8443 (10.66.147.225) <<-- rDNS (10.66.147.225): -- Service detected: HTTP Testing protocols (via sockets except TLS 1.2, SPDY+HTTP2) SSLv2 not offered (OK) SSLv3 not offered (OK) TLS 1 not offered TLS 1.1 offered TLS 1.2 offered (OK) Version tolerance downgraded to TLSv1.2 (OK) SPDY/NPN http/1.1 (advertised) HTTP2/ALPN Local problem: /usr/bin/openssl doesn't support HTTP2/ALPN Testing all locally available ciphers per protocol against the server, ordered by encryption strength (Your /usr/bin/openssl cannot show DH/ECDH bits) Hexcode Cipher Suite Name (OpenSSL) KeyExch. Encryption Bits ------------------------------------------------------------------------ SSLv2 SSLv3 TLS 1 TLS 1.1 x0a DES-CBC3-SHA RSA 3DES 168 TLS 1.2 x0a DES-CBC3-SHA RSA 3DES 168 Done 2017-03-09 22:20:04 -->> 10.66.147.225:8443 (10.66.147.225) <<--
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2017:0512