github/kubernetes
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
023f11dc10
kubernetes/cmd
History
k8s-merge-robot 0fc573296d Merge pull request #26169 from victorgp/master 
Automatic merge from submit-queue

Setting TLS1.2 minimum because TLS1.0 and TLS1.1 are vulnerable

TLS1.0 is known as vulnerable since it can be downgraded to SSL
https://blog.varonis.com/ssl-and-tls-1-0-no-longer-acceptable-for-pci-compliance/

TLS1.1 can be vulnerable if cipher RC4-SHA is used, and in Kubernetes it is, you can check it with
`
openssl s_client -cipher RC4-SHA -connect apiserver.k8s.example.com:443
`

https://www.globalsign.com/en/blog/poodle-vulnerability-expands-beyond-sslv3-to-tls/

Test suites like Qualys are reporting this Kubernetes issue as a level 3 vulnerability, they recommend to upgrade to TLS1.2 that is not affected, quoting Qualys:

`
RC4 should not be used where possible. One reason that RC4 was still being used was BEAST and Lucky13 attacks against CBC mode ciphers in
SSL and
TLS. However, TLSv 1.2 or later address these issues.
`
2016-05-29 13:24:46 -07:00
..
genbashcomp insert space after comment character in cmd folder 2016-01-08 16:25:57 +05:30
gendocs Make kubectl bash completion namespace aware and add noun aliases 2016-04-03 16:25:56 +02:00
genkubedocs Make kubectl bash completion namespace aware and add noun aliases 2016-04-03 16:25:56 +02:00
genman insert space after comment character in cmd folder 2016-01-08 16:25:57 +05:30
genswaggertypedocs fix imported package names to not use under_scores 2015-10-16 16:37:03 +08:00
genutils Make copyright ownership statement generic 2015-05-01 17:49:56 -04:00
genyaml Create cmd to generate kubectl yaml docs 2016-04-11 17:07:45 -07:00
hyperkube Fix hyperkube flag parsing 2016-05-13 15:41:22 -07:00
integration Merge pull request #25972 from luxas/remove_arch_constants 2016-05-28 04:48:59 -07:00
kube-apiserver Merge pull request #25599 from caesarxuchao/orphaning-finalizer 2016-05-26 13:19:19 -07:00
kube-controller-manager add gc and its enablement flag to kube-controller-manager 2016-05-28 14:12:33 -07:00
kube-dns added dns-port flag to have a custom DNS port for skydns to serve DNS requests on. updated imports 2016-05-23 14:54:00 -07:00
kube-proxy Use protobufs by default to communicate with apiserver 2016-05-21 11:38:32 +02:00
kubectl Fix hyperkube flag parsing 2016-05-13 15:41:22 -07:00
kubelet Merge pull request #26169 from victorgp/master 2016-05-29 13:24:46 -07:00
kubemark Added pods-per-core to kubelet. #25762 2016-05-27 07:10:13 -04:00
kubernetes-discovery Adding a discovery summarizer server 2016-05-13 13:52:23 -07:00
libs/go2idl Conversions should generate inline copies 2016-05-28 08:52:08 -04:00
linkcheck linkchecker tool now visits the URL to determine if it's valid 2016-01-26 17:01:37 -08:00
mungedocs mungedocs should not assume upstream remote 2016-04-27 21:33:09 -04:00
OWNERS Remove myself from a bunch of OWNERS files, as I am too overloaded 2016-05-11 13:34:51 -07:00