Merge pull request #1811 from tkatila/tls-drop-additional-ciphers

mythi · web-flow · commit c7f76291f380 · 2024-08-21T15:27:27.000+03:00
tls: drop additional ciphers
diff --git a/cmd/fpga_admissionwebhook/main.go b/cmd/fpga_admissionwebhook/main.go
@@ -60,8 +60,6 @@ func main() {
 		cfg.CipherSuites = []uint16{
 			tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
 			tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
-			tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
-			tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
 		}
 	}
 
diff --git a/cmd/operator/main.go b/cmd/operator/main.go
@@ -140,8 +140,6 @@ func main() {
 		cfg.CipherSuites = []uint16{
 			tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
 			tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
-			tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
-			tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
 		}
 	}
 
diff --git a/cmd/sgx_admissionwebhook/main.go b/cmd/sgx_admissionwebhook/main.go
@@ -42,8 +42,6 @@ func main() {
 		cfg.CipherSuites = []uint16{
 			tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
 			tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
-			tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
-			tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
 		}
 	}
 
diff --git a/deployments/operator/default/manager_auth_proxy_patch.yaml b/deployments/operator/default/manager_auth_proxy_patch.yaml
@@ -15,7 +15,7 @@ spec:
         - "--secure-listen-address=0.0.0.0:8443"
         - "--upstream=http://127.0.0.1:8080/"
         - "--logtostderr=true"
-        - "--tls-cipher-suites=TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305"
+        - "--tls-cipher-suites=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"
         - "--v=10"
         ports:
         - containerPort: 8443

Original file line number	Diff line number	Diff line change
`@@ -60,8 +60,6 @@ func main() {`
`60`	`60`	`cfg.CipherSuites = []uint16{`
`61`	`61`	`tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,`
`62`	`62`	`tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,`
`63`		`- tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,`
`64`		`- tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,`
`65`	`63`	`}`
`66`	`64`	`}`
`67`	`65`
Original file line number	Diff line number	Diff line change
`@@ -140,8 +140,6 @@ func main() {`
`140`	`140`	`cfg.CipherSuites = []uint16{`
`141`	`141`	`tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,`
`142`	`142`	`tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,`
`143`		`- tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,`
`144`		`- tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,`
`145`	`143`	`}`
`146`	`144`	`}`
`147`	`145`
Original file line number	Diff line number	Diff line change
`@@ -42,8 +42,6 @@ func main() {`
`42`	`42`	`cfg.CipherSuites = []uint16{`
`43`	`43`	`tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,`
`44`	`44`	`tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,`
`45`		`- tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,`
`46`		`- tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,`
`47`	`45`	`}`
`48`	`46`	`}`
`49`	`47`