From f247ce05a8b17d0c08977ee646182f279c927f2e Mon Sep 17 00:00:00 2001 From: Ted Avery Date: Wed, 9 Jul 2025 15:09:10 -0400 Subject: [PATCH] OSDOCS-15209:tlsSecurityProfileParmFix --- modules/microshift-default-settings.adoc | 19 ++++++++++--------- .../microshift-ingress-controller-config.adoc | 1 - 2 files changed, 10 insertions(+), 10 deletions(-) diff --git a/modules/microshift-default-settings.adoc b/modules/microshift-default-settings.adoc index 9670adef7269..fc838858335f 100644 --- a/modules/microshift-default-settings.adoc +++ b/modules/microshift-default-settings.adoc @@ -33,7 +33,15 @@ apiServer: subjectAltNames: [] tls: cipherSuites: - - "" + - TLS_AES_128_GCM_SHA256 + - TLS_AES_256_GCM_SHA384 + - TLS_CHACHA20_POLY1305_SHA256 + - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 + - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 + - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 + - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 + - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 + - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 minVersion: VersionTLS12 debugging: logLevel: "Normal" @@ -65,14 +73,7 @@ ingress: wildcardPolicy: WildcardPolicyAllowed status: Managed tlsSecurityProfile: - type: Custom - custom: - ciphers: - - ECDHE-ECDSA-CHACHA20-POLY1305 - - ECDHE-RSA-CHACHA20-POLY1305 - - ECDHE-RSA-AES128-GCM-SHA256 - - ECDHE-ECDSA-AES128-GCM-SHA256 - minTLSVersion: VersionTLS12 + type: Intermediate tuningOptions: clientFinTimeout: "1s" clientTimeout: "30s" diff --git a/modules/microshift-ingress-controller-config.adoc b/modules/microshift-ingress-controller-config.adoc index bcbfbb4006a8..4ede08a2ac42 100644 --- a/modules/microshift-ingress-controller-config.adoc +++ b/modules/microshift-ingress-controller-config.adoc @@ -69,7 +69,6 @@ ingress: minTLSVersion:"" intermediate: {} old: {} - type: "" tuningOptions: clientFinTimeout: 1s clientTimeout: 30s