Commit 8a29b4f3 authored by Matthias Loibl's avatar Matthias Loibl

Update ciphers and infos for them

parent 264cf11b
...@@ -43,24 +43,28 @@ local configMapList = k.core.v1.configMapList; ...@@ -43,24 +43,28 @@ local configMapList = k.core.v1.configMapList;
namespace: 'default', namespace: 'default',
tlsCipherSuites: [ tlsCipherSuites: [
'TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256', // required by h2: http://golang.org/cl/30721
'TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256', // required by h2: http://golang.org/cl/30721
// 'TLS_RSA_WITH_RC4_128_SHA', // insecure: https://access.redhat.com/security/cve/cve-2013-2566 // 'TLS_RSA_WITH_RC4_128_SHA', // insecure: https://access.redhat.com/security/cve/cve-2013-2566
// 'TLS_RSA_WITH_3DES_EDE_CBC_SHA', // insecure: https://access.redhat.com/articles/2548661 // 'TLS_RSA_WITH_3DES_EDE_CBC_SHA', // insecure: https://access.redhat.com/articles/2548661
'TLS_RSA_WITH_AES_128_CBC_SHA', // 'TLS_RSA_WITH_AES_128_CBC_SHA', // disabled by h2
'TLS_RSA_WITH_AES_256_CBC_SHA', // 'TLS_RSA_WITH_AES_256_CBC_SHA', // disabled by h2
'TLS_RSA_WITH_AES_128_CBC_SHA256', 'TLS_RSA_WITH_AES_128_CBC_SHA256',
'TLS_RSA_WITH_AES_128_GCM_SHA256', // 'TLS_RSA_WITH_AES_128_GCM_SHA256', // disabled by h2
'TLS_RSA_WITH_AES_256_GCM_SHA384', // 'TLS_RSA_WITH_AES_256_GCM_SHA384', // disabled by h2
// 'TLS_ECDHE_ECDSA_WITH_RC4_128_SHA', // insecure: https://access.redhat.com/security/cve/cve-2013-2566 // 'TLS_ECDHE_ECDSA_WITH_RC4_128_SHA', // insecure: https://access.redhat.com/security/cve/cve-2013-2566
'TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA', // 'TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA',// disabled by h2
'TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA', // 'TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA',// disabled by h2
// 'TLS_ECDHE_RSA_WITH_RC4_128_SHA', // insecure: https://access.redhat.com/security/cve/cve-2013-2566 // 'TLS_ECDHE_RSA_WITH_RC4_128_SHA', // insecure: https://access.redhat.com/security/cve/cve-2013-2566
// 'TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA', // insecure: https://access.redhat.com/articles/2548661 // 'TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA', // insecure: https://access.redhat.com/articles/2548661
'TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA', // 'TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA', // disabled by h2
'TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA', // 'TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA', // disabled by h2
'TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256', 'TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256',
'TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256', 'TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256',
// 'TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256', // Doesn't work with h2
// 'TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256', // Doesn't work with h2 // disabled by h2 means: https://github.com/golang/net/blob/e514e69ffb8bc3c76a71ae40de0118d794855992/http2/ciphers.go
// 'TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384', // TODO: Might not work with h2 // 'TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384', // TODO: Might not work with h2
// 'TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384', // TODO: Might not work with h2 // 'TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384', // TODO: Might not work with h2
// 'TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305', // TODO: Might not work with h2 // 'TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305', // TODO: Might not work with h2
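Review bot: Three CBC suites stay enabled on the new side, `'TLS_RSA_WITH_AES_128_CBC_SHA256'`, `'TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256'` and `'TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256'`, although the "disabled by h2" reason given for their neighbours applies to them as well: all three are on the HTTP/2 cipher blacklist in RFC 7540 Appendix A, which the linked ciphers.go implements. The first of them also uses static RSA key exchange and so gives no forward secrecy. I would comment them out in the same way, e.g. `// 'TLS_RSA_WITH_AES_128_CBC_SHA256', // disabled by h2`. The `TODO: Might not work with h2` on the ECDHE AES_256_GCM_SHA384 and CHACHA20_POLY1305 lines is also worth resolving, since as far as I know those AEAD suites are not on that blacklist and could be enabled. The `tlsCipherSuites` array is not closed inside the visible hunk, so entries may follow that this note does not cover.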
......