2022-04-29 20:14:37 |
Chris Johnston |
bug |
|
|
added bug |
2022-04-29 20:15:09 |
Chris Johnston |
bug task added |
|
etcd-snaps |
|
2022-04-29 20:16:40 |
Chris Johnston |
description |
etcd as provided by the snap and charm utilized the default TLS ciphers as provided by Go. This currently allows for weak ciphers to still be used by default (TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, TLS_RSA_WITH_3DES_EDE_CBC_SHA). This was discussed in depth in an issue upstream [1], in which a change has been made to allow for passing `--cipher-suites` to override the defaults provided by Go.
With this, the snap and the charm should be updated to support a user defined cipher-suites config option which is then passed on to the snap.
[1] https://github.com/etcd-io/etcd/issues/8320 |
etcd as provided by the snap and charm utilized the default TLS ciphers as provided by Go. This currently allows for weak ciphers to still be used by default (TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, TLS_RSA_WITH_3DES_EDE_CBC_SHA [1]). This was discussed in depth in an issue upstream [2], in which a change has been made to allow for passing `--cipher-suites` to override the defaults provided by Go.
With this, the snap and the charm should be updated to support a user defined cipher-suites config option which is then passed on to the snap.
[1] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2183
[2] https://github.com/etcd-io/etcd/issues/8320 |
|
2022-05-05 07:51:11 |
Chris Johnston |
information type |
Public |
Public Security |
|
2022-05-19 23:17:08 |
Chris Johnston |
etcd-snaps: status |
New |
Invalid |
|
2022-05-19 23:17:12 |
Chris Johnston |
charm-etcd: status |
New |
In Progress |
|
2022-05-19 23:17:14 |
Chris Johnston |
charm-etcd: assignee |
|
Chris Johnston (cjohnston) |
|
2022-05-20 00:54:38 |
Nobuto Murata |
bug |
|
|
added subscriber Nobuto Murata |
2022-05-20 18:37:49 |
Chris Johnston |
charm-etcd: status |
In Progress |
Fix Committed |
|
2022-05-23 14:11:50 |
George Kraft |
charm-etcd: milestone |
|
1.24+ck1 |
|
2022-05-25 05:06:45 |
Nobuto Murata |
bug task added |
|
charm-kubernetes-master |
|
2022-05-25 05:10:39 |
Nobuto Murata |
attachment added |
|
k8s-control-plane_default.html https://bugs.launchpad.net/charm-kubernetes-master/+bug/1970993/+attachment/5592769/+files/k8s-control-plane_default.html |
|
2022-05-25 05:10:54 |
Nobuto Murata |
attachment added |
|
report_intermediate_ciphers.html https://bugs.launchpad.net/charm-kubernetes-master/+bug/1970993/+attachment/5592770/+files/report_intermediate_ciphers.html |
|
2022-05-30 08:20:52 |
Nobuto Murata |
bug |
|
|
added subscriber Canonical Field Medium |
2022-05-31 14:36:19 |
Nobuto Murata |
charm-kubernetes-master: status |
New |
Fix Committed |
|
2022-05-31 14:36:22 |
Nobuto Murata |
charm-kubernetes-master: assignee |
|
Nobuto Murata (nobuto) |
|
2022-05-31 14:55:49 |
George Kraft |
charm-kubernetes-master: milestone |
|
1.24+ck1 |
|
2022-05-31 14:55:55 |
George Kraft |
tags |
|
backport-needed |
|
2022-05-31 14:56:26 |
George Kraft |
charm-etcd: importance |
Undecided |
High |
|
2022-05-31 14:56:28 |
George Kraft |
charm-kubernetes-master: importance |
Undecided |
High |
|
2022-08-01 19:38:44 |
Adam Dyess |
tags |
backport-needed |
|
|
2022-08-04 17:47:47 |
Adam Dyess |
charm-etcd: status |
Fix Committed |
Fix Released |
|
2022-08-04 17:59:34 |
Adam Dyess |
charm-kubernetes-master: status |
Fix Committed |
Fix Released |
|