-
Notifications
You must be signed in to change notification settings - Fork 1.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Document TLS and crypto settings #4946
Conversation
cc @openshift/security @openshift/sig-security |
architecture/index.adoc
Outdated
perhaps better known under its former name "SSL" or by its use in "HTTPS". TLS | ||
provides strong encryption, data integrity, and authentication of servers with | ||
X.509 server certificates and public key infrastructure. | ||
ifdef::openshift-origin,openshift-enterprise,openshift-dedicated[] |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Who is excluded from this list? openshift-online?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes, the custom PKI detail is not relevant for openshift-online and ../install_config
is not built for it either.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
../install_config
isn't built for openshift-dedicated
either.
The documentation is going to need another update once I have dealt with openshift/origin#15671 . At the moment some clients use Golang defaults. I like to change that. |
@tiran Other than the
Are you saying you want to get this merged now and follow-up later after openshift/origin#15671 is addressed? |
Trello card: https://trello.com/c/a9egV9TF/62-1-sccfsi-publicly-document-the-key-configurations-and-crypto-levels-in-openshifts-default-configuration Signed-off-by: Christian Heimes <cheimes@redhat.com>
@adellape Thanks for your review. I amended my PR and addresses three issues
Yes, I'll follow up later once we have decided how to address openshift/origin#15671. |
Trello card: https://trello.com/c/a9egV9TF/62-1-sccfsi-publicly-document-the-key-configurations-and-crypto-levels-in-openshifts-default-configuration Signed-off-by: Christian Heimes <cheimes@redhat.com> (cherry picked from commit 3c4e0ae) xref:openshift#4946
Trello card: https://trello.com/c/a9egV9TF/62-1-sccfsi-publicly-document-the-key-configurations-and-crypto-levels-in-openshifts-default-configuration Signed-off-by: Christian Heimes <cheimes@redhat.com> (cherry picked from commit 3c4e0ae) xref:openshift#4946
Trello card: https://trello.com/c/a9egV9TF/62-1-sccfsi-publicly-document-the-key-configurations-and-crypto-levels-in-openshifts-default-configuration Signed-off-by: Christian Heimes <cheimes@redhat.com> (cherry picked from commit 3c4e0ae) xref:openshift#4946
Documentation is work-in-progress.
Trello card: https://trello.com/c/a9egV9TF/62-1-sccfsi-publicly-document-the-key-configurations-and-crypto-levels-in-openshifts-default-configuration
Signed-off-by: Christian Heimes cheimes@redhat.com