Prevent TLS/SSL Birthday attacks on 64-bit block ciphers (SWEET32)

ssl kubernetes vulnerabilities

Solution 1:

The cipher suites can be set via cipher-suites parameter:

$ etcd \
  --cipher-suites TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

According to here those cipher suites should be secure.

Edit :

For fixing this in running etcd in Kubernetes on Ubuntu-18.04 LTE.

edit : /etc/etcd.env add this line :

ETCD_CIPHER_SUITES=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

Related

What does the option passed at the end of the Systemd command mean?
Storing Backups on Google Cloud (free/lowcost how ?)
HTTP downloads stop after some time, resuming is not possible
Why am i encoutering a split brain issue in keepalived?
Axway Tumbleweed Desktop Validator unable to validate certificate?
Opening up an local network with DHCP whith own IP-segment
Dell PowerEdge R540 Installing RHEL 5.3 Legacy OS on new hardware
How to use previously downloaded ica file for connecting again in citrix?
Process to migrate DNS and DHCP from on-premise, Windows domain controller
Where should init scripts be placed in Amazon Linux 2?
Map-Reduce performance in MongoDb 2.2, 2.4, and 2.6
Replace image in word doc using OpenXML