
Ensure TLS v1.2 is minimum for OpenShift Router

An XCCDF Rule

Description

Verify the TLS version for the OpenShift Router.

Warning

This rule's check operates on the cluster configuration dump. Therefore, you need to use a tool that can query the OCP API and retrieve the following:
  • The /apis/apps/v1/namespaces/openshift-ingress/deployments/router-default API endpoint, filtered with the jq utility using the filter .spec.template.spec.containers[0].env[] | select(.name == "SSL_MIN_VERSION") and persisted to the local /apis/apps/v1/namespaces/openshift-ingress/deployments/router-default#aa685c2fe85cfde2ec878952fdd5e72b0824bdaccd1063efcfc29fea8137840c file.
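The check this warning describes, as an added example that is not part of the rule's own content: the Python below applies the same selection as the jq filter to a deployment dump and tests the value against the TLS v1.2 minimum from the rule title. The sample dumps, the "TLSv1.2" value format and the choice to fail when the variable is absent or unparseable are assumptions.

```python
import re

MIN_TLS = (1, 2)  # minimum from the rule title: TLS v1.2

def select_ssl_min_version(deployment):
    # Same selection as the jq filter in the warning:
    # .spec.template.spec.containers[0].env[] | select(.name == "SSL_MIN_VERSION")
    env = deployment["spec"]["template"]["spec"]["containers"][0].get("env") or []
    return [e for e in env if e.get("name") == "SSL_MIN_VERSION"]

def parse_tls_version(value):
    # Assumption: values are written like "TLSv1.2"; anything else is unparseable.
    m = re.fullmatch(r"TLSv(\d+)\.(\d+)", value or "")
    return (int(m.group(1)), int(m.group(2))) if m else None

def check_router(deployment):
    """Return (passed, reason) for a router-default deployment dump.

    Assumption: an absent or unparseable SSL_MIN_VERSION fails the check,
    so a missing setting is never reported as compliant.
    """
    matches = select_ssl_min_version(deployment)
    if not matches:
        return False, "SSL_MIN_VERSION not set"
    raw = matches[0].get("value")  # None when the entry uses valueFrom
    version = parse_tls_version(raw)
    if version is None:
        return False, "unrecognised value %r" % (raw,)
    # Tuple comparison orders (1, 1) < (1, 2) < (1, 3).
    return version >= MIN_TLS, "minimum is TLSv%d.%d" % version

def make_dump(env):
    # Constructed sample holding only the fields the filter touches;
    # the container name is a placeholder.
    return {"spec": {"template": {"spec": {"containers": [{"name": "router", "env": env}]}}}}

if __name__ == "__main__":
    # Constructed inputs, not output from a real cluster.
    cases = {
        "compliant": [{"name": "SSL_MIN_VERSION", "value": "TLSv1.2"}],
        "too old": [{"name": "SSL_MIN_VERSION", "value": "TLSv1.1"}],
        "unset": [{"name": "OTHER_SETTING", "value": "x"}],
    }
    for label, env in cases.items():
        print(label, check_router(make_dump(env)))
```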

Rationale

Use of weak or untested encryption algorithms undermines the purposes of utilizing encryption to protect data. The system must implement cryptographic modules adhering to the higher standards approved by the federal government since this provides assurance they have been tested and validated.

ID
xccdf_org.ssgproject.content_rule_tls_version_check_router
Severity
Medium
References
Updated