The kube-rbac-proxy container as used in Red Hat OpenShift Container Platform does not honour TLS configurations, allowing for use of insecure ciphers and TLS 1.0. An attacker could potentially target a weak TLS configuration via a man-in-the-middle attack to discover sensitive information.
The fix for this issue properly applies the configured TLS settings and makes TLS 1.2 the default.
Name: Frederic Branczyk (Red Hat), Matthias Loibl (Red Hat), Max Inden (Red Hat)
This issue has been addressed in the following products:
Red Hat OpenShift Container Platform 3.11
Via RHBA-2019:0327 https://access.redhat.com/errata/RHBA-2019:0327