OpenShift must use TLS 1.2 or greater for secure communication.
An XCCDF Rule
Description
<VulnDiscussion>The authenticity and integrity of the container platform and communication between nodes and components must be secure. If an insecure protocol is used during transmission of data, the data can be intercepted and manipulated. The manipulation of data can be used to inject status changes of the container platform, causing the execution of containers or reporting an incorrect healthcheck. To thwart the manipulation of the data during transmission, a secure protocol (TLS 1.2 or newer) must be used. Further guidance on secure transport protocols can be found in NIST SP 800-52. Satisfies: SRG-APP-000014-CTR-000040, SRG-APP-000560-CTR-001340</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>
- ID
- SV-257506r960759_rule
- Severity
- Medium
- References
- Updated
Remediation - Manual Procedure
Edit each resource and set the TLS Security Profile to Intermediate by executing the following:
oc edit ingresscontroller <NAME> -n <NAMESPACE>
Add the following to the file: