Comment 0 for bug 1970993

etcd as provided by the snap and charm utilized the default TLS ciphers as provided by Go. This currently allows for weak ciphers to still be used by default (TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, TLS_RSA_WITH_3DES_EDE_CBC_SHA). This was discussed in depth in an issue upstream [1], in which a change has been made to allow for passing `--cipher-suites` to override the defaults provided by Go.

With this, the snap and the charm should be updated to support a user defined cipher-suites config option which is then passed on to the snap.

[1] https://github.com/etcd-io/etcd/issues/8320