Skip to content

fix: correct TLSCipherSuites to tlsCipherSuites in 4.2.13 #1703

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
afdesk merged 2 commits into from
Oct 16, 2024
Merged

fix: correct TLSCipherSuites to tlsCipherSuites in 4.2.13 #1703

afdesk merged 2 commits into from
Oct 16, 2024

Conversation

@Nezz7
Copy link
Contributor

@Nezz7 Nezz7 commented Oct 14, 2024
edited
Loading

The message in 4.2.13 is misleading as it mentions TLSCipherSuites while the correct field name is called tlsCipherSuites

4.2.13 If using a Kubelet config file, edit the file to set TLSCipherSuites: to
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_128_GCM_SHA256
or to a subset of these values.

I updated the kubelet config file to:

...
TLSCipherSuites:
  - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
  - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
  - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305
  - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
  - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305
  - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
  - TLS_RSA_WITH_AES_256_GCM_SHA384
  - TLS_RSA_WITH_AES_128_GCM_SHA256

The Kubelet began to display the following error:
Oct 14 21:16:32 controlplane kubelet[36330]: I1014 21:16:32.666057 36330 codec.go:100] "Using lenient decoding as strict decoding failed" err="strict decoding error: unknown field \"TLSCipherSuites\""

I checked the Kubernetes documentation Kubelet configuration file, and I found out that the field is called tlsCipherSuites

Using tlsCipherSuites instead fixed the issue.
[PASS] 4.2.13 Ensure that the Kubelet only makes use of Strong Cryptographic Ciphers (Manual)

@CLAassistant
Copy link

CLAassistant commented Oct 14, 2024
edited
Loading

CLA assistant check
All committers have signed the CLA.

@afdesk
Copy link
Collaborator

afdesk commented Oct 15, 2024

@Nezz7 thanks for your contribute!
we'll take a look at this PR!

afdesk
afdesk approved these changes Oct 15, 2024
View reviewed changes
Copy link
Collaborator

@afdesk afdesk left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!

mozillazg
mozillazg approved these changes Oct 15, 2024
View reviewed changes
Copy link
Contributor

@mozillazg mozillazg left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, Thanks for your contribution!

@afdesk afdesk merged commit fa478ce into aquasecurity:main Oct 16, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@afdesk afdesk afdesk approved these changes

+1 more reviewer

@mozillazg mozillazg mozillazg approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@Nezz7 @CLAassistant @afdesk @mozillazg