Closed jh-kainos closed 1 year ago
The Kubernetes project currently lacks enough contributors to adequately respond to all issues and PRs.
This bot triages issues and PRs according to the following rules:
lifecycle/stale
is appliedlifecycle/stale
was applied, lifecycle/rotten
is appliedlifecycle/rotten
was applied, the issue is closedYou can:
/remove-lifecycle stale
/lifecycle rotten
/close
Please send feedback to sig-contributor-experience at kubernetes/community.
/lifecycle stale
The Kubernetes project currently lacks enough active contributors to adequately respond to all issues.
This bot triages un-triaged issues according to the following rules:
lifecycle/stale
is appliedlifecycle/stale
was applied, lifecycle/rotten
is appliedlifecycle/rotten
was applied, the issue is closedYou can:
/remove-lifecycle rotten
/close
Please send feedback to sig-contributor-experience at kubernetes/community.
/lifecycle rotten
The Kubernetes project currently lacks enough active contributors to adequately respond to all issues and PRs.
This bot triages issues according to the following rules:
lifecycle/stale
is appliedlifecycle/stale
was applied, lifecycle/rotten
is appliedlifecycle/rotten
was applied, the issue is closedYou can:
/reopen
/remove-lifecycle rotten
Please send feedback to sig-contributor-experience at kubernetes/community.
/close not-planned
@k8s-triage-robot: Closing this issue, marking it as "Not Planned".
Hi
We are using a kOps managed Kubernetes cluster that uses etcd-manager. We have found that etcd-manager allows weak 3DES ciphers (vulnerable to SWEET32) as well as TLSv1.0 and TLSv1.1. I've been digging through the code and found that the gRPC server configs in etcd-manager/pkg/tlsconfig/options.go don't allow customisation of
tls.Config
withMinVersion
andCipherSuites
. Would it be possible to add an application flag that allows you to specific a cipher list and minimum TLS version, please?Here is a snippet from an
nmap
scan of the etcd-manager ports we are using: