Commit de3d7a6

make update
1 parent 7a32d6d commit de3d7a6

20 files changed

Lines changed: 201 additions & 411 deletions

config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_apiservers-CustomNoUpgrade.crd.yaml

Lines changed: 10 additions & 22 deletions
@@ -316,11 +316,14 @@ spec:
316316
ciphers:
317317
description: |-
318318
ciphers is used to specify the cipher algorithms that are negotiated
319-
during the TLS handshake. Operators may remove entries their operands
320-
do not support. For example, to use DES-CBC3-SHA (yaml):
319+
during the TLS handshake. Operators may remove entries that their operands
320+
do not support. For example, to use only ECDHE-RSA-AES128-GCM-SHA256 (yaml):
321321
322322
ciphers:
323-
- DES-CBC3-SHA
323+
- ECDHE-RSA-AES128-GCM-SHA256
324+
325+
TLS 1.3 cipher suites (e.g. TLS_AES_128_GCM_SHA256) are not configurable
326+
and are always enabled when TLS 1.3 is negotiated.
324327
items:
325328
type: string
326329
type: array
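Review bot: The sentence added at new lines 325-326 says TLS 1.3 cipher suites are not configurable, but it does not say what happens when one of them (for example TLS_AES_128_GCM_SHA256) is placed in a Custom ciphers list, and the schema directly below still accepts any string ("items: type: string"). Suggest one more sentence stating whether such an entry is ignored or rejected, so an operator reading only this field description knows what to expect. Replacing DES-CBC3-SHA with ECDHE-RSA-AES128-GCM-SHA256 in the example, and adding "only", is a clear improvement and needs no change.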
@@ -345,9 +348,6 @@ spec:
345348
legacy clients and want to remain highly secure while being compatible with
346349
most clients currently in use.
347350
348-
The cipher list includes TLS 1.3 ciphers for forward compatibility, followed
349-
by the "intermediate" profile ciphers.
350-
351351
This profile is equivalent to a Custom profile specified as:
352352
minTLSVersion: VersionTLS12
353353
ciphers:
@@ -360,8 +360,6 @@ spec:
360360
- ECDHE-RSA-AES256-GCM-SHA384
361361
- ECDHE-ECDSA-CHACHA20-POLY1305
362362
- ECDHE-RSA-CHACHA20-POLY1305
363-
- DHE-RSA-AES128-GCM-SHA256
364-
- DHE-RSA-AES256-GCM-SHA384
365363
nullable: true
366364
type: object
367365
modern:
@@ -382,9 +380,6 @@ spec:
382380
old is a TLS profile for use when services need to be accessed by very old
383381
clients or libraries and should be used only as a last resort.
384382
385-
The cipher list includes TLS 1.3 ciphers for forward compatibility, followed
386-
by the "old" profile ciphers.
387-
388383
This profile is equivalent to a Custom profile specified as:
389384
minTLSVersion: VersionTLS10
390385
ciphers:
@@ -397,23 +392,15 @@ spec:
397392
- ECDHE-RSA-AES256-GCM-SHA384
398393
- ECDHE-ECDSA-CHACHA20-POLY1305
399394
- ECDHE-RSA-CHACHA20-POLY1305
400-
- DHE-RSA-AES128-GCM-SHA256
401-
- DHE-RSA-AES256-GCM-SHA384
402-
- DHE-RSA-CHACHA20-POLY1305
403395
- ECDHE-ECDSA-AES128-SHA256
404396
- ECDHE-RSA-AES128-SHA256
405397
- ECDHE-ECDSA-AES128-SHA
406398
- ECDHE-RSA-AES128-SHA
407-
- ECDHE-ECDSA-AES256-SHA384
408-
- ECDHE-RSA-AES256-SHA384
409399
- ECDHE-ECDSA-AES256-SHA
410400
- ECDHE-RSA-AES256-SHA
411-
- DHE-RSA-AES128-SHA256
412-
- DHE-RSA-AES256-SHA256
413401
- AES128-GCM-SHA256
414402
- AES256-GCM-SHA384
415403
- AES128-SHA256
416-
- AES256-SHA256
417404
- AES128-SHA
418405
- AES256-SHA
419406
- DES-CBC3-SHA
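Review bot: The removals in the Old list are uneven and the description gives no rule for them: "- AES256-SHA256" goes while "- AES128-SHA256" stays, "- ECDHE-ECDSA-AES256-SHA384" and "- ECDHE-RSA-AES256-SHA384" go while their AES128-SHA256 counterparts stay, and "- DES-CBC3-SHA" remains as the last entry. Old is documented as the profile for very old clients used as a last resort, so the description should state what decided which suites were dropped (the last hunk in this file points at a Go-specific list). That lets an operator work out which legacy clients no longer share a suite with the server before the change is rolled out.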
@@ -424,9 +411,10 @@ spec:
424411
type is one of Old, Intermediate, Modern or Custom. Custom provides the
425412
ability to specify individual TLS security profile parameters.
426413
427-
The profiles are currently based on version 5.0 of the Mozilla Server Side TLS
428-
configuration guidelines (released 2019-06-28) with TLS 1.3 ciphers added for
429-
forward compatibility. See: https://ssl-config.mozilla.org/guidelines/5.0.json
414+
The profiles are based on version 5.7 of the Mozilla Server Side TLS
415+
configuration guidelines. The cipher lists consist of the configuration's
416+
"ciphersuites" followed by the Go-specific "ciphers" from the guidelines.
417+
See: https://ssl-config.mozilla.org/guidelines/5.7.json
430418
431419
The profiles are intent based, so they may change over time as new ciphers are
432420
developed and existing ciphers are found to be insecure. Depending on
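Review bot: The phrase 'the Go-specific "ciphers" from the guidelines' at new line 416 is not explained, and the entries in the profile lists above are written in OpenSSL style (for example ECDHE-RSA-AES256-GCM-SHA384). Suggest stating which naming the lists use and how the Go list from the guidelines maps onto it, so a reader comparing against 5.7.json can reproduce the list. The old text also gave the guideline release date (2019-06-28); the new text gives none for 5.7, and keeping a date makes it easier to audit how current the profiles are.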

config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_apiservers-Default.crd.yaml

Lines changed: 10 additions & 22 deletions
@@ -247,11 +247,14 @@ spec:
247247
ciphers:
248248
description: |-
249249
ciphers is used to specify the cipher algorithms that are negotiated
250-
during the TLS handshake. Operators may remove entries their operands
251-
do not support. For example, to use DES-CBC3-SHA (yaml):
250+
during the TLS handshake. Operators may remove entries that their operands
251+
do not support. For example, to use only ECDHE-RSA-AES128-GCM-SHA256 (yaml):
252252
253253
ciphers:
254-
- DES-CBC3-SHA
254+
- ECDHE-RSA-AES128-GCM-SHA256
255+
256+
TLS 1.3 cipher suites (e.g. TLS_AES_128_GCM_SHA256) are not configurable
257+
and are always enabled when TLS 1.3 is negotiated.
255258
items:
256259
type: string
257260
type: array
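Review bot: The description lines changed here (new lines 250-257) are word for word the same as in the CustomNoUpgrade manifest above, and both paths sit under zz_generated.crd-manifests, so any wording fix raised in review has to be made in the source the generator reads and then regenerated, not edited in these files. The commit message "make update" does not say which source change produced this output; naming it would let a reviewer check the text once instead of per manifest.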
@@ -276,9 +279,6 @@ spec:
276279
legacy clients and want to remain highly secure while being compatible with
277280
most clients currently in use.
278281
279-
The cipher list includes TLS 1.3 ciphers for forward compatibility, followed
280-
by the "intermediate" profile ciphers.
281-
282282
This profile is equivalent to a Custom profile specified as:
283283
minTLSVersion: VersionTLS12
284284
ciphers:
@@ -291,8 +291,6 @@ spec:
291291
- ECDHE-RSA-AES256-GCM-SHA384
292292
- ECDHE-ECDSA-CHACHA20-POLY1305
293293
- ECDHE-RSA-CHACHA20-POLY1305
294-
- DHE-RSA-AES128-GCM-SHA256
295-
- DHE-RSA-AES256-GCM-SHA384
296294
nullable: true
297295
type: object
298296
modern:
@@ -313,9 +311,6 @@ spec:
313311
old is a TLS profile for use when services need to be accessed by very old
314312
clients or libraries and should be used only as a last resort.
315313
316-
The cipher list includes TLS 1.3 ciphers for forward compatibility, followed
317-
by the "old" profile ciphers.
318-
319314
This profile is equivalent to a Custom profile specified as:
320315
minTLSVersion: VersionTLS10
321316
ciphers:
@@ -328,23 +323,15 @@ spec:
328323
- ECDHE-RSA-AES256-GCM-SHA384
329324
- ECDHE-ECDSA-CHACHA20-POLY1305
330325
- ECDHE-RSA-CHACHA20-POLY1305
331-
- DHE-RSA-AES128-GCM-SHA256
332-
- DHE-RSA-AES256-GCM-SHA384
333-
- DHE-RSA-CHACHA20-POLY1305
334326
- ECDHE-ECDSA-AES128-SHA256
335327
- ECDHE-RSA-AES128-SHA256
336328
- ECDHE-ECDSA-AES128-SHA
337329
- ECDHE-RSA-AES128-SHA
338-
- ECDHE-ECDSA-AES256-SHA384
339-
- ECDHE-RSA-AES256-SHA384
340330
- ECDHE-ECDSA-AES256-SHA
341331
- ECDHE-RSA-AES256-SHA
342-
- DHE-RSA-AES128-SHA256
343-
- DHE-RSA-AES256-SHA256
344332
- AES128-GCM-SHA256
345333
- AES256-GCM-SHA384
346334
- AES128-SHA256
347-
- AES256-SHA256
348335
- AES128-SHA
349336
- AES256-SHA
350337
- DES-CBC3-SHA
@@ -355,9 +342,10 @@ spec:
355342
type is one of Old, Intermediate, Modern or Custom. Custom provides the
356343
ability to specify individual TLS security profile parameters.
357344
358-
The profiles are currently based on version 5.0 of the Mozilla Server Side TLS
359-
configuration guidelines (released 2019-06-28) with TLS 1.3 ciphers added for
360-
forward compatibility. See: https://ssl-config.mozilla.org/guidelines/5.0.json
345+
The profiles are based on version 5.7 of the Mozilla Server Side TLS
346+
configuration guidelines. The cipher lists consist of the configuration's
347+
"ciphersuites" followed by the Go-specific "ciphers" from the guidelines.
348+
See: https://ssl-config.mozilla.org/guidelines/5.7.json
361349
362350
The profiles are intent based, so they may change over time as new ciphers are
363351
developed and existing ciphers are found to be insecure. Depending on

config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_apiservers-DevPreviewNoUpgrade.crd.yaml

Lines changed: 10 additions & 22 deletions
@@ -316,11 +316,14 @@ spec:
316316
ciphers:
317317
description: |-
318318
ciphers is used to specify the cipher algorithms that are negotiated
319-
during the TLS handshake. Operators may remove entries their operands
320-
do not support. For example, to use DES-CBC3-SHA (yaml):
319+
during the TLS handshake. Operators may remove entries that their operands
320+
do not support. For example, to use only ECDHE-RSA-AES128-GCM-SHA256 (yaml):
321321
322322
ciphers:
323-
- DES-CBC3-SHA
323+
- ECDHE-RSA-AES128-GCM-SHA256
324+
325+
TLS 1.3 cipher suites (e.g. TLS_AES_128_GCM_SHA256) are not configurable
326+
and are always enabled when TLS 1.3 is negotiated.
324327
items:
325328
type: string
326329
type: array
@@ -345,9 +348,6 @@ spec:
345348
legacy clients and want to remain highly secure while being compatible with
346349
most clients currently in use.
347350
348-
The cipher list includes TLS 1.3 ciphers for forward compatibility, followed
349-
by the "intermediate" profile ciphers.
350-
351351
This profile is equivalent to a Custom profile specified as:
352352
minTLSVersion: VersionTLS12
353353
ciphers:
@@ -360,8 +360,6 @@ spec:
360360
- ECDHE-RSA-AES256-GCM-SHA384
361361
- ECDHE-ECDSA-CHACHA20-POLY1305
362362
- ECDHE-RSA-CHACHA20-POLY1305
363-
- DHE-RSA-AES128-GCM-SHA256
364-
- DHE-RSA-AES256-GCM-SHA384
365363
nullable: true
366364
type: object
367365
modern:
@@ -382,9 +380,6 @@ spec:
382380
old is a TLS profile for use when services need to be accessed by very old
383381
clients or libraries and should be used only as a last resort.
384382
385-
The cipher list includes TLS 1.3 ciphers for forward compatibility, followed
386-
by the "old" profile ciphers.
387-
388383
This profile is equivalent to a Custom profile specified as:
389384
minTLSVersion: VersionTLS10
390385
ciphers:
@@ -397,23 +392,15 @@ spec:
397392
- ECDHE-RSA-AES256-GCM-SHA384
398393
- ECDHE-ECDSA-CHACHA20-POLY1305
399394
- ECDHE-RSA-CHACHA20-POLY1305
400-
- DHE-RSA-AES128-GCM-SHA256
401-
- DHE-RSA-AES256-GCM-SHA384
402-
- DHE-RSA-CHACHA20-POLY1305
403395
- ECDHE-ECDSA-AES128-SHA256
404396
- ECDHE-RSA-AES128-SHA256
405397
- ECDHE-ECDSA-AES128-SHA
406398
- ECDHE-RSA-AES128-SHA
407-
- ECDHE-ECDSA-AES256-SHA384
408-
- ECDHE-RSA-AES256-SHA384
409399
- ECDHE-ECDSA-AES256-SHA
410400
- ECDHE-RSA-AES256-SHA
411-
- DHE-RSA-AES128-SHA256
412-
- DHE-RSA-AES256-SHA256
413401
- AES128-GCM-SHA256
414402
- AES256-GCM-SHA384
415403
- AES128-SHA256
416-
- AES256-SHA256
417404
- AES128-SHA
418405
- AES256-SHA
419406
- DES-CBC3-SHA
@@ -424,9 +411,10 @@ spec:
424411
type is one of Old, Intermediate, Modern or Custom. Custom provides the
425412
ability to specify individual TLS security profile parameters.
426413
427-
The profiles are currently based on version 5.0 of the Mozilla Server Side TLS
428-
configuration guidelines (released 2019-06-28) with TLS 1.3 ciphers added for
429-
forward compatibility. See: https://ssl-config.mozilla.org/guidelines/5.0.json
414+
The profiles are based on version 5.7 of the Mozilla Server Side TLS
415+
configuration guidelines. The cipher lists consist of the configuration's
416+
"ciphersuites" followed by the Go-specific "ciphers" from the guidelines.
417+
See: https://ssl-config.mozilla.org/guidelines/5.7.json
430418
431419
The profiles are intent based, so they may change over time as new ciphers are
432420
developed and existing ciphers are found to be insecure. Depending on

config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_apiservers-OKD.crd.yaml

Lines changed: 10 additions & 22 deletions
@@ -247,11 +247,14 @@ spec:
247247
ciphers:
248248
description: |-
249249
ciphers is used to specify the cipher algorithms that are negotiated
250-
during the TLS handshake. Operators may remove entries their operands
251-
do not support. For example, to use DES-CBC3-SHA (yaml):
250+
during the TLS handshake. Operators may remove entries that their operands
251+
do not support. For example, to use only ECDHE-RSA-AES128-GCM-SHA256 (yaml):
252252
253253
ciphers:
254-
- DES-CBC3-SHA
254+
- ECDHE-RSA-AES128-GCM-SHA256
255+
256+
TLS 1.3 cipher suites (e.g. TLS_AES_128_GCM_SHA256) are not configurable
257+
and are always enabled when TLS 1.3 is negotiated.
255258
items:
256259
type: string
257260
type: array
@@ -276,9 +279,6 @@ spec:
276279
legacy clients and want to remain highly secure while being compatible with
277280
most clients currently in use.
278281
279-
The cipher list includes TLS 1.3 ciphers for forward compatibility, followed
280-
by the "intermediate" profile ciphers.
281-
282282
This profile is equivalent to a Custom profile specified as:
283283
minTLSVersion: VersionTLS12
284284
ciphers:
@@ -291,8 +291,6 @@ spec:
291291
- ECDHE-RSA-AES256-GCM-SHA384
292292
- ECDHE-ECDSA-CHACHA20-POLY1305
293293
- ECDHE-RSA-CHACHA20-POLY1305
294-
- DHE-RSA-AES128-GCM-SHA256
295-
- DHE-RSA-AES256-GCM-SHA384
296294
nullable: true
297295
type: object
298296
modern:
@@ -313,9 +311,6 @@ spec:
313311
old is a TLS profile for use when services need to be accessed by very old
314312
clients or libraries and should be used only as a last resort.
315313
316-
The cipher list includes TLS 1.3 ciphers for forward compatibility, followed
317-
by the "old" profile ciphers.
318-
319314
This profile is equivalent to a Custom profile specified as:
320315
minTLSVersion: VersionTLS10
321316
ciphers:
@@ -328,23 +323,15 @@ spec:
328323
- ECDHE-RSA-AES256-GCM-SHA384
329324
- ECDHE-ECDSA-CHACHA20-POLY1305
330325
- ECDHE-RSA-CHACHA20-POLY1305
331-
- DHE-RSA-AES128-GCM-SHA256
332-
- DHE-RSA-AES256-GCM-SHA384
333-
- DHE-RSA-CHACHA20-POLY1305
334326
- ECDHE-ECDSA-AES128-SHA256
335327
- ECDHE-RSA-AES128-SHA256
336328
- ECDHE-ECDSA-AES128-SHA
337329
- ECDHE-RSA-AES128-SHA
338-
- ECDHE-ECDSA-AES256-SHA384
339-
- ECDHE-RSA-AES256-SHA384
340330
- ECDHE-ECDSA-AES256-SHA
341331
- ECDHE-RSA-AES256-SHA
342-
- DHE-RSA-AES128-SHA256
343-
- DHE-RSA-AES256-SHA256
344332
- AES128-GCM-SHA256
345333
- AES256-GCM-SHA384
346334
- AES128-SHA256
347-
- AES256-SHA256
348335
- AES128-SHA
349336
- AES256-SHA
350337
- DES-CBC3-SHA
@@ -355,9 +342,10 @@ spec:
355342
type is one of Old, Intermediate, Modern or Custom. Custom provides the
356343
ability to specify individual TLS security profile parameters.
357344
358-
The profiles are currently based on version 5.0 of the Mozilla Server Side TLS
359-
configuration guidelines (released 2019-06-28) with TLS 1.3 ciphers added for
360-
forward compatibility. See: https://ssl-config.mozilla.org/guidelines/5.0.json
345+
The profiles are based on version 5.7 of the Mozilla Server Side TLS
346+
configuration guidelines. The cipher lists consist of the configuration's
347+
"ciphersuites" followed by the Go-specific "ciphers" from the guidelines.
348+
See: https://ssl-config.mozilla.org/guidelines/5.7.json
361349
362350
The profiles are intent based, so they may change over time as new ciphers are
363351
developed and existing ciphers are found to be insecure. Depending on
