Description of problem:
Only weak ciphers are available for etcd
Version-Release number of selected component (if applicable):
Steps to Reproduce:
The existing set of etcd ciphers is weak and poses a security vulnerability that raises alarms in common scanning tools (e.g. Nessus). OpenShift allows customers to disable weak ciphers using the following steps: https://access.redhat.com/solutions/3374601. However, strong ciphers are not available for etcd communication. Without the ability to use a set of strong ciphers that meet regulatory minimum requirements, and disable weak ciphers, deployment of OpenShift in regulatory-controlled environments will block on security violations.
There is a new build available with the feature to select ciphers.
You can find it here:
Original PR: https://github.com/coreos/etcd/pull/9801
Sebastien -- Are there any updates on this?