Document TLS and crypto settings #4946

Merged
merged 1 commit into from
Aug 23, 2017
@tiran tiran commented Aug 7, 2017

enj commented Aug 8, 2017

cc @openshift/security @openshift/sig-security

perhaps better known under its former name "SSL" or by its use in "HTTPS". TLS
provides strong encryption, data integrity, and authentication of servers with
X.509 server certificates and public key infrastructure.
ifdef::openshift-origin,openshift-enterprise,openshift-dedicated[]
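
Review bot: "TLS provides strong encryption" in the second sentence of this hunk is stated without qualification, but the strength actually obtained depends on the protocol version and cipher suite that get negotiated. Suggest rewording to something like "TLS can provide strong encryption, data integrity, and authentication of servers" and pointing the reader to the section that lists the supported versions and cipher suites.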

Who is excluded from this list? openshift-online?

Author

Yes, the custom PKI detail is not relevant for openshift-online and ../install_config is not built for it either.

Contributor

../install_config isn't built for openshift-dedicated either.

@tiran tiran changed the title [DO-NOT-MERGE] Document TLS and crypto settings Document TLS and crypto settings Aug 8, 2017
tiran commented Aug 8, 2017

The documentation is going to need another update once I have dealt with openshift/origin#15671. At the moment some clients use Golang defaults. I'd like to change that.

@adellape
Contributor

@tiran Other than the openshift-dedicated comment, LGTM. What versions of OCP is this PR relevant for?

> The documentation is going to need another update once I have dealt with openshift/origin#15671. At the moment some clients use Golang defaults. I'd like to change that.

Are you saying you want to get this merged now and follow up later after openshift/origin#15671 is addressed?

tiran commented Aug 21, 2017

@adellape Thanks for your review. I amended my PR and addressed three issues:

  • I dropped openshift-dedicated from ifdef
  • @enj pointed out that the client may use external crypto libraries in case GSSAPI authentication and OpenPGP signatures are used. The documentation now mentions them.
  • Cipher suites are listed in preferred order.

Yes, I'll follow up later once we have decided how to address openshift/origin#15671.

@adellape adellape added this to the Future Release milestone Aug 23, 2017
@adellape adellape merged commit 658bc1a into openshift:master Aug 23, 2017
@vikram-redhat vikram-redhat modified the milestones: Future Release, Staging Sep 25, 2017
adellape pushed a commit to adellape/openshift-docs that referenced this pull request Nov 10, 2017
adellape pushed a commit to adellape/openshift-docs that referenced this pull request Nov 10, 2017