Description of problem: Disable tlsv1.0 and/or tlsv1.1 via Router variable versus needing to customize the router template. https://github.com/openshift/origin/blob/master/images/router/haproxy/conf/haproxy-config.template#L52 Set this line if disabling tls versions. ssl-default-bind-options no-sslv3 no-tlsv10 no-tlsv11 Maybe the change would look like this: 3.7+ ssl-default-bind-options no-sslv3 {{- if isTrue (env "DISABLE_TLSv10") no-tlsv10}} {{- end }} {{- if isTrue (env "DISABLE_TLSv11") no-tlsv11}} {{- end }} 3.6 or less ssl-default-bind-options no-sslv3 {{- if matchPattern "true|TRUE" (env "DISABLE_TLSv10" "") }} no-tlsv10 {{- end }} {{- if matchPattern "true|TRUE" (env "DISABLE_TLSv11" "") }} no-tlsv11 {{- end }}
*** Bug 1570002 has been marked as a duplicate of this bug. ***
Red Hat is moving OpenShift feature requests to a new JIRA RFE system. This bz (RFE) has been identified as a feature request which is still being evaluated and has been moved. As the new Jira RFE system is not yet public, Red Hat Support can help answer your questions about your RFEs via the same support case system. https://.jira.coreos.com/browse/RFE-167