Description
When a user configures a new cluster the minimum TLS version should be set to TLS 1.2
From looking at https://en.wikipedia.org/wiki/Transport_Layer_Security :
"The PCI Council suggested that organizations migrate from TLS 1.0 to TLS 1.1 or higher before June 30, 2018.[24][25] In October 2018, Apple, Google, Microsoft, and Mozilla jointly announced they would deprecate TLS 1.0 and 1.1 in March 2020.[11]"
Given that an operator can change this we should be "secure by default" and "force" the operator to explicitly open the door for old and deprecated security layers.
Attachments
Issue Links
For Gerrit Dashboard: MB-41794 | ||||||
---|---|---|---|---|---|---|
# | Subject | Branch | Project | Status | CR | V |
143754,3 | MB-41794: Use minimum TLS1.2 by default | master | ns_server | Status: MERGED | +2 | +1 |