Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: correct TLSCipherSuites to tlsCipherSuites in 4.2.13 #1703

Merged
merged 2 commits into from
Oct 16, 2024
Merged

fix: correct TLSCipherSuites to tlsCipherSuites in 4.2.13 #1703

merged 2 commits into from
Oct 16, 2024

Conversation

Nezz7
Copy link
Contributor

@Nezz7 Nezz7 commented Oct 14, 2024
edited
Loading

The message in 4.2.13 is misleading as it mentions TLSCipherSuites while the correct field name is called tlsCipherSuites

4.2.13 If using a Kubelet config file, edit the file to set TLSCipherSuites: to
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_128_GCM_SHA256
or to a subset of these values.

I updated the kubelet config file to:

...
TLSCipherSuites:
  - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
  - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
  - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305
  - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
  - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305
  - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
  - TLS_RSA_WITH_AES_256_GCM_SHA384
  - TLS_RSA_WITH_AES_128_GCM_SHA256

The Kubelet began to display the following error:
Oct 14 21:16:32 controlplane kubelet[36330]: I1014 21:16:32.666057 36330 codec.go:100] "Using lenient decoding as strict decoding failed" err="strict decoding error: unknown field \"TLSCipherSuites\""

I checked the Kubernetes documentation Kubelet configuration file, and I found out that the field is called tlsCipherSuites

Using tlsCipherSuites instead fixed the issue.
[PASS] 4.2.13 Ensure that the Kubelet only makes use of Strong Cryptographic Ciphers (Manual)

@CLAassistant
Copy link

CLAassistant commented Oct 14, 2024
edited
Loading

CLA assistant check
All committers have signed the CLA.

@afdesk
Copy link
Collaborator

afdesk commented Oct 15, 2024

@Nezz7 thanks for your contribute!
we'll take a look at this PR!

afdesk
afdesk approved these changes Oct 15, 2024
View reviewed changes
Copy link
Collaborator

@afdesk afdesk left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!

mozillazg
mozillazg approved these changes Oct 15, 2024
View reviewed changes
Copy link
Collaborator

@mozillazg mozillazg left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, Thanks for your contribution!

@afdesk afdesk merged commit fa478ce into aquasecurity:main Oct 16, 2024
5 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mozillazg mozillazg mozillazg approved these changes

@afdesk afdesk afdesk approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@Nezz7 @CLAassistant @afdesk @mozillazg