Home > front end >  Disabling weak ciphers on OpenShift router
Disabling weak ciphers on OpenShift router

Time:11-29

I'm trying to disabling CBC ciphers on an Openshift Router (v 3.11) by editing the yaml file, but i can't find out how to setup the ROUTER_CIPHERS (want to set the value to modern) environment variable on the router level.

Any tips on the yaml structure to achieve this? Where sould the env variables be placed?

Some doc that i've already checked:

https://docs.openshift.com/container-platform/3.11/install_config/router/default_haproxy_router.html#bind-ciphers

https://docs.openshift.com/container-platform/3.11/architecture/networking/routes.html#ciphers

CodePudding user response:

You can use the oc set env command so set an environment variable in your Router DeploymentConfig (named "router" in my case):

oc set env dc/router ROUTER_CIPHERS=intermediate

or

oc set env dc/router ROUTER_CIPHERS=modern

The available profiles come from your second link. This will result in the environment variable being added to the spec.container.env field for the Router container.

  • Related