Skip to content

Commit

Permalink
Merge pull request #977 from vmware-tanzu/topic/zhengxie/v4.2.0/cipher
Browse files Browse the repository at this point in the history
[CP]Remove unapproved ciphers  TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256(#972)
  • Loading branch information
zhengxiexie authored Dec 24, 2024
2 parents b5e9fb6 + 3710cdb commit 53f0db8
Showing 1 changed file with 7 additions and 0 deletions.
7 changes: 7 additions & 0 deletions cmd/main.go
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,7 @@ package main

import (
"context"
"crypto/tls"
"errors"
"fmt"
"os"
Expand Down Expand Up @@ -252,6 +253,12 @@ func startServiceController(mgr manager.Manager, nsxClient *nsx.Client) {
hookServer = webhook.NewServer(webhook.Options{
Port: config.WebhookServerPort,
CertDir: config.WebhookCertDir,
TLSOpts: []func(*tls.Config){
func(cfg *tls.Config) {
cfg.MinVersion = tls.VersionTLS12
cfg.CipherSuites = []uint16{tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, tls.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA}
},
},
})
if err := mgr.Add(hookServer); err != nil {
log.Error(err, "Failed to add hook server")
Expand Down

0 comments on commit 53f0db8

Please sign in to comment.