-
|
When we try to pass the cipher suites in command line, its allowing those ciphers only. However when we are enabling those ciphers in the etcd config its not taking effect. Its ignoring the cipher content in the config file. Kindly help in share if any other methods/mechanisms to enable particular ciphers in etcd config. |
Beta Was this translation helpful? Give feedback.
Replies: 1 comment 2 replies
-
|
Hi @srbgit123 - Thanks for raising this, to help us answer this question can you please post a snippet of your config file showing how you are defining the cipher suites? I.e. something like: # etcd configuration file
# Disable TLS 1.0 and TLS 1.1
ssl_min_version: "TLSv1.2"
# Specify the list of ciphers and their priority
cipher_suites: [
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
]One thing to check is that you are representing the suites as an array with the square brackets. |
Beta Was this translation helpful? Give feedback.
-
|
Thanks a lot jmhbnz for the response. The suggested solution works with slight modification as cipher-suites instead of cipher_suites. |
Beta Was this translation helpful? Give feedback.
-
|
A quick note that I have raised #15576 to add |
Beta Was this translation helpful? Give feedback.
Hi @srbgit123 - Thanks for raising this, to help us answer this question can you please post a snippet of your config file showing how you are defining the cipher suites?
I.e. something like:
One thing to check is that you are representing the suites as an array with the square brackets.