Open huornlmj opened 11 months ago
Adding new weak ciphers to the list that Calico typha supports in its default configuration:
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_AES_128_GCM_SHA256
TLS_RSA_WITH_AES_256_GCM_SHA384
On the TLS endpoint that calico-typha exposes, the following ciphers are advertised as supported, which are considered weak as they do not offer PFS (Perfect Forward Secrecy).
Expected Behavior
Only Ephemeral suites should be used
Current Behavior
These suites are supported by the server:
Possible Solution
PR to remove the 2x weak ciphers.
Steps to Reproduce (for bugs)
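An added example, not part of the original issue and not Calico's code: a Go check that classifies the four reported suite names by key exchange and cipher mode using `crypto/tls`, then builds a TLS 1.2 allow-list restricted to ephemeral AEAD suites. The function names and the `Reported` variable are hypothetical.

```go
package main

import (
	"crypto/tls"
	"fmt"
	"strings"
)

var Reported = []string{ // the four suite names listed in the issue
	"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA", "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
	"TLS_RSA_WITH_AES_128_GCM_SHA256", "TLS_RSA_WITH_AES_256_GCM_SHA384",
}

// Ephemeral (hypothetical helper, not Calico code): key exchange is (EC)DHE, so forward secret.
func Ephemeral(name string) bool {
	return strings.Contains(name, "_ECDHE_") || strings.Contains(name, "_DHE_")
}

// AEAD reports whether the suite uses GCM or ChaCha20-Poly1305 rather than CBC.
func AEAD(name string) bool {
	return strings.Contains(name, "_GCM_") || strings.Contains(name, "CHACHA20")
}

// SuiteID resolves an IANA name via crypto/tls (both lists); 0 means unknown.
func SuiteID(name string) uint16 {
	for _, s := range append(tls.CipherSuites(), tls.InsecureCipherSuites()...) {
		if s.Name == name {
			return s.ID
		}
	}
	return 0
}

// AllowList returns the crypto/tls suite IDs that are both ephemeral and AEAD.
func AllowList() (ids []uint16) {
	for _, s := range tls.CipherSuites() {
		if Ephemeral(s.Name) && AEAD(s.Name) { // TLS 1.3 names carry no key exchange and are skipped
			ids = append(ids, s.ID)
		}
	}
	return ids
}

func main() {
	for _, n := range Reported {
		fmt.Printf("0x%04x %-36s ephemeral=%-5v aead=%v\n", SuiteID(n), n, Ephemeral(n), AEAD(n))
	}
	cfg := &tls.Config{MinVersion: tls.VersionTLS12, CipherSuites: AllowList()}
	fmt.Println("allow-listed suites:", len(cfg.CipherSuites))
}
```

All four reported suites fall outside the allow-list: the two ECDHE suites because they use CBC, the two RSA suites because their key exchange is not ephemeral.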