Skip to content

Commit

Permalink
force ccm cipher-suites to fix sweet32 CVE (#439)
Browse files Browse the repository at this point in the history
  • Loading branch information
tuxtof authored May 31, 2024
1 parent dc98d5e commit e03f712
Show file tree
Hide file tree
Showing 3 changed files with 3 additions and 0 deletions.
1 change: 1 addition & 0 deletions templates/ccm/nutanix-ccm.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -197,6 +197,7 @@ spec:
args:
- "--leader-elect=true"
- "--cloud-config=/etc/cloud/nutanix_config.json"
- "--tls-cipher-suites=${TLS_CIPHER_SUITES=TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256}"
resources:
requests:
cpu: 100m
Expand Down
1 change: 1 addition & 0 deletions templates/cluster-template-csi.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -208,6 +208,7 @@ data:
args:
- "--leader-elect=true"
- "--cloud-config=/etc/cloud/nutanix_config.json"
- "--tls-cipher-suites=${TLS_CIPHER_SUITES=TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256}"
resources:
requests:
cpu: 100m
Expand Down
1 change: 1 addition & 0 deletions templates/cluster-template.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -208,6 +208,7 @@ data:
args:
- "--leader-elect=true"
- "--cloud-config=/etc/cloud/nutanix_config.json"
- "--tls-cipher-suites=${TLS_CIPHER_SUITES=TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256}"
resources:
requests:
cpu: 100m
Expand Down

0 comments on commit e03f712

Please sign in to comment.