1. Proposed title of this feature request CONTROL OF TLS VERSIONS SUPPORTED BY WEB INTERFACES ON THE OPENSHIFT DEDICATED PLATFORM 2. What is the nature and description of the request? Ability for the customer to switch on and off support for the different versions of TLS on web interfaces hosted on the OpenShift Dedicated platform, including the versions of TLS supported by the OpenShift Dedicated admin and developer web console. 3. Why do you need this? (List the business requirements here) Company security requirement to support TLS1.2 and above only, due to vulnerability/weaknesses in older versions 4. How would you like to achieve this? (List the functional requirements here) Security settings console on OpenShift Dedicated admin web console/interface to tick/untick TLS protocols versions supported. 5. For each functional requirement listed in question 4, specify how Red Hat and the customer can test to confirm the requirement is successfully implemented. Customer will log into web console and web pages hosted on OpenShift Dedicated platform and check HTTPS protocols supported by the server as reported by the web browser
Hello Team, Any further updates on this issue. Thanks, Kedar
While we would love to be able to support every customer request, in this case we are not planning to pursue this RFE in the near future. This request, which is the ability for a customer to set (through a UI) the TLS versions allowed on the external web interfaces of an OpenShift Dedicated cluster, requires changes in OCP first that would allow an automated and supported method of setting the TLS version. Beyond that an interface to make this change would need to be developed. It is possible that we will look into this idea again in the future, but for now we want to set the appropriate expectations for you and keep our backlog limited to those items that have a good chance of being developed within our planning horizon.