Information
Ensure that the API server is configured to only use strong cryptographic ciphers.
Rationale:
TLS ciphers have had a number of known vulnerabilities and weaknesses, which can reduce the protection provided by them. By default Kubernetes supports a number of TLS ciphersuites including some that have security concerns, weakening the protection provided.
Impact:
API server clients that cannot support the custom cryptographic ciphers will not be able to make connections to the API server.
NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.
Solution
Follow the directions above and in the OpenShift documentation Configuring Ingress.
Default Value:
By default, the TLS cipher value for the ingress controller is based on the apiservers.config.openshift.io/cluster resource.