File tree Expand file tree Collapse file tree 1 file changed +6
-0
lines changed Expand file tree Collapse file tree 1 file changed +6
-0
lines changed Original file line number Diff line number Diff line change @@ -24,6 +24,7 @@ import (
2424 "github.com/openshift/library-go/pkg/authorization/hardcodedauthorizer"
2525 "github.com/openshift/library-go/pkg/config/configdefaults"
2626 "github.com/openshift/library-go/pkg/config/serving"
27+ "github.com/openshift/library-go/pkg/crypto"
2728 "k8s.io/apiserver/pkg/authorization/authorizer"
2829 "k8s.io/apiserver/pkg/authorization/union"
2930 genericapiserver "k8s.io/apiserver/pkg/server"
@@ -73,6 +74,11 @@ func (s *Server) Run(ctx context.Context, collectionProfilesEnabled bool) error
7374 // Don't set a CA file for client certificates because the CA is read from
7475 // the kube-system/extension-apiserver-authentication ConfigMap.
7576 servingInfo .ServingInfo .ClientCA = ""
77+ // Use intermediate TLS profile cipher suites to avoid insecure cipher warnings
78+ // Convert OpenSSL cipher names to IANA names for Kubernetes validation
79+ intermediateTLSProfile := configv1 .TLSProfiles [configv1 .TLSProfileIntermediateType ]
80+ servingInfo .ServingInfo .CipherSuites = crypto .OpenSSLToIANACipherSuites (intermediateTLSProfile .Ciphers )
81+ servingInfo .ServingInfo .MinTLSVersion = string (intermediateTLSProfile .MinTLSVersion )
7682
7783 serverConfig , err := serving .ToServerConfig (
7884 ctx ,
You can’t perform that action at this time.
![openshift-merge-bot[bot]](https://avatars.githubusercontent.com/in/412865?v=4&size=40){kind=avatar}
0 commit comments