Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 1431130

Summary: Possibility of specifying SSL route configuration
Product: OpenShift Container Platform Reporter: Sergi Jimenez Romero <sjr>
Component: RFE Assignee: Dan McPherson <dmcphers>
Status: CLOSED DUPLICATE QA Contact: Xiaoli Tian <xtian>
Severity: high Docs Contact:
Priority: unspecified    
Version: 3.3.0 CC: aos-bugs, dmcphers, jokerman, mmccomas
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2017-03-10 15:19:24 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Sergi Jimenez Romero 2017-03-10 12:38:32 UTC
From the RFE template:

> 3. What is the nature and description of the request?  

Exposed applications running on OCP might have secure routes, which might become vulnerable in the event of a bug being disclosed for the set of ciphers, TLS implementation, ...

Some businesses might not be able to wait for a fix to be provided and might need to work around the issue themselves.

The RFE is to have the ability to configure TLS settings per route.

> 4. Why does the customer need this? (List the business requirements here)  

Customer operates in a highly regulated environment and they need to be able to comply with the regulations and security standards.

> 5. How would the customer like to achieve this? (List the functional requirements here)  

Quoting:

"In general, we would like that users can customize as many TLS-related parameters as possible (TLS version, allowed ciphers...).

If this is not possible, we (as cluster admins) would like to be able to define "security levels" and let the user choose one of them at their routes (having a "default" security level is acceptable)."


> 6. For each functional requirement listed, specify how Red Hat and the customer can test to confirm the requirement is successfully implemented.  

Example scenario: An application running on OCP has to comply with specific regulations and therefore would need to configure the TLS settings accordingly.

> 10. List any affected packages or components.  

Router

Comment 3 Dan McPherson 2017-03-10 15:19:24 UTC

*** This bug has been marked as a duplicate of bug 1381973 ***

Comment 4 Sergi Jimenez Romero 2017-03-10 15:34:48 UTC
Dan, do you plan to tackle SSL/TLS customizations on BZ#1381973?

Comment 5 Dan McPherson 2017-03-10 15:38:19 UTC
Sergi, I added it to the list of the requirements on the card.

I did that because I don't want to have an RFE for each setting until we at least have the basic customization.  If for some reason we can't do TLS at the same time, we'll need to keep the RFE open or split it back out.