Ability to Disable Specific TLS Versions in F5 BIG-IP Kubernetes Operator
Description
This feature request is to add the capability to disable specific TLS versions in the F5 BIG-IP Kubernetes Operator, allowing users to configure which TLS versions are enabled or disabled.
Actual Problem
Currently, the F5 BIG-IP Kubernetes Operator does not provide an option to selectively disable certain TLS versions. This can be problematic for users who need to comply with security standards or have specific security requirements that mandate the use of certain TLS versions.
Solution Proposed
Add a configuration option to the TLSProfile clientSSLParams that allows users to specify which TLS versions should be enabled or disabled. This will provide users with the flexibility to configure TLS settings according to their security needs.
Alternatives
One alternative could be to manually configure the TLS versions on the F5 BIG-IP device after deployment using the Kubernetes Operator. However, this would be less efficient and could lead to configuration drift.
Additional context
This feature is important for organizations that need to comply with security standards such as PCI DSS, which require the use of specific TLS versions and configurations.
Title
Ability to Disable Specific TLS Versions in F5 BIG-IP Kubernetes Operator
Description
This feature request is to add the capability to disable specific TLS versions in the F5 BIG-IP Kubernetes Operator, allowing users to configure which TLS versions are enabled or disabled.
Actual Problem
Currently, the F5 BIG-IP Kubernetes Operator does not provide an option to selectively disable certain TLS versions. This can be problematic for users who need to comply with security standards or have specific security requirements that mandate the use of certain TLS versions.
Solution Proposed
Add a configuration option to the TLSProfile clientSSLParams that allows users to specify which TLS versions should be enabled or disabled. This will provide users with the flexibility to configure TLS settings according to their security needs.
Alternatives
One alternative could be to manually configure the TLS versions on the F5 BIG-IP device after deployment using the Kubernetes Operator. However, this would be less efficient and could lead to configuration drift.
Additional context
This feature is important for organizations that need to comply with security standards such as PCI DSS, which require the use of specific TLS versions and configurations.