kubevirt / hyperconverged-cluster-operator

Operator pattern for managing multi-operator products
Apache License 2.0

When using TLS13 it should not be allowed to specify any ciphers #2553

Closed 0xFelix closed 1 year ago

0xFelix commented 1 year ago

Is this a BUG REPORT or FEATURE REQUEST?:

Uncomment only one, leave it on its own line:

/kind bug /kind enhancement

What happened:

When using minTLSVersion: VersionTLS13 HCO accepts custom ciphers even though it is not possible to configure ciphers at all in Golang when using TLS 1.3.

oc patch hco kubevirt-hyperconverged -n openshift-cnv --type=json -p '[{"op": "replace", "path": /spec/tlsSecurityProfile, "value": {custom: {minTLSVersion: "VersionTLS13", ciphers: ["TLS_AES_128_GCM_SHA256", "TLS_CHACHA20_POLY1305_SHA256"]}, type: "Custom"} }]'

This command returns success, but translates to the following tlsConfiguration on the KubeVirt CR:

tlsConfiguration:
  minTLSVersion: VersionTLS13

What you expected to happen:

This command should fail:

oc patch hco kubevirt-hyperconverged -n openshift-cnv --type=json -p '[{"op": "replace", "path": /spec/tlsSecurityProfile, "value": {custom: {minTLSVersion: "VersionTLS13", ciphers: ["TLS_AES_128_GCM_SHA256", "TLS_CHACHA20_POLY1305_SHA256"]}, type: "Custom"} }]'

How to reproduce it (as minimally and precisely as possible):

Run the mentioned command and observe the KubeVirt CR.

Anything else we need to know?:

Environment:
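Added example (not code from the HCO repository or from the issue author): a validation routine that rejects the exact patch above instead of silently dropping its cipher list. `CustomTLSProfile` is a constructed stand-in for the profile fields, not HCO's API type; the cipher name lookup uses Go's `tls.CipherSuites()`.

```go
package main

import (
	"crypto/tls"
	"errors"
	"fmt"
)

// CustomTLSProfile mirrors the issue's patch fields (constructed stand-in, not HCO's API type).
type CustomTLSProfile struct {
	MinTLSVersion string   // "VersionTLS10" .. "VersionTLS13"
	Ciphers       []string // IANA suite names, e.g. "TLS_AES_128_GCM_SHA256"
}

var tlsVersions = map[string]uint16{
	"VersionTLS10": tls.VersionTLS10, "VersionTLS11": tls.VersionTLS11,
	"VersionTLS12": tls.VersionTLS12, "VersionTLS13": tls.VersionTLS13,
}

// ToTLSConfig validates the profile and builds the tls.Config. crypto/tls
// documents that Config.CipherSuites applies only to TLS 1.0-1.2, so a cipher
// list on a TLS 1.3-only profile would be silently dropped (exactly what the
// issue observed); rejecting it keeps the stored profile honest.
func ToTLSConfig(p CustomTLSProfile) (*tls.Config, error) {
	v, ok := tlsVersions[p.MinTLSVersion]
	if !ok {
		return nil, fmt.Errorf("unknown minTLSVersion %q", p.MinTLSVersion)
	}
	if v == tls.VersionTLS13 {
		if len(p.Ciphers) > 0 {
			return nil, errors.New("ciphers must not be set with VersionTLS13: TLS 1.3 suites are not configurable")
		}
		return &tls.Config{MinVersion: v}, nil
	}
	// Below TLS 1.3 the names must be suites Go supports; tls.CipherSuites()
	// omits the ones Go classes as insecure, so those are rejected too.
	known := map[string]uint16{}
	for _, cs := range tls.CipherSuites() {
		known[cs.Name] = cs.ID
	}
	cfg := &tls.Config{MinVersion: v}
	for _, name := range p.Ciphers {
		id, ok := known[name]
		if !ok {
			return nil, fmt.Errorf("unsupported or insecure cipher %q", name)
		}
		cfg.CipherSuites = append(cfg.CipherSuites, id)
	}
	return cfg, nil
}
```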

0xFelix commented 1 year ago

/cc @tiraboschi