Open agonzalezm opened 3 weeks ago
anyone can explain details how to remove these ciphers with haproxy ingress helm charts installed?
You can use the global-config-snippet
option in ConfigMap to set the ciphers:
apiVersion: v1
kind: ConfigMap
metadata:
name: haproxy-kubernetes-ingress
namespace: default
data:
global-config-snippet: |
ssl-default-bind-ciphersuites TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256
ssl-default-bind-options prefer-client-ciphers no-sslv3 no-tlsv10 no-tlsv11 no-tlsv12 no-tls-tickets
If you are using Helm, you can pass these options in controller.config
from values.yaml:
# (...)
controller:
config:
global-config-snippet: |
ssl-default-bind-ciphersuites ...
ssl-default-bind-options ...
default haproxy ingress install has many yellow insecure ciphers enabled, how can i enable only secure ciphers (green ones)
i tried this in ingress yaml but didnt work:
ingress.kubernetes.io/ssl-ciphers: "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384"