Commit 5a033a9

author
speruri
committed
security: update default ssl policy
updates the default ssl policy from ELBSecurityPolicy-TLS-1-2-2017-01 to ELBSecurityPolicy-TLS13-1-2-2021-06

Signed-off-by: speruri <[email protected]>
1 parent 5251641 commit 5a033a9

2 files changed

+3
-3
lines changed

cluster/cluster.yaml

Lines changed: 2 additions & 2 deletions
@@ -614,7 +614,7 @@ Resources:
614614
Properties:
615615
AlpnPolicy:
616616
- {{ if eq .Cluster.ConfigItems.experimental_nlb_alpn_h2_enabled "true" }}HTTP2Preferred{{else}}None{{end}}
617-
SslPolicy: "ELBSecurityPolicy-TLS-1-2-2017-01"
617+
SslPolicy: "ELBSecurityPolicy-TLS13-1-2-2021-06"
618618
Certificates:
619619
- CertificateArn: "{{.Values.load_balancer_certificate}}"
620620
DefaultActions:
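Review bot: the new `SslPolicy` value at line 617 is still a hard-coded string, while the `AlpnPolicy` directly above it is driven by `.Cluster.ConfigItems`. A listener policy change can decide which clients are able to complete a handshake, so it is worth being able to override or roll it back per cluster; consider reading the value from a config item that defaults to `ELBSecurityPolicy-TLS13-1-2-2021-06`, in the same way `kube_aws_ingress_controller_ssl_policy` is exposed in cluster/config-defaults.yaml.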
@@ -681,7 +681,7 @@ Resources:
681681
Properties:
682682
AlpnPolicy:
683683
- {{ if eq .Cluster.ConfigItems.experimental_nlb_alpn_h2_enabled "true" }}HTTP2Preferred{{else}}None{{end}}
684-
SslPolicy: "ELBSecurityPolicy-TLS-1-2-2017-01"
684+
SslPolicy: "ELBSecurityPolicy-TLS13-1-2-2021-06"
685685
Certificates:
686686
- CertificateArn: "{{.Values.load_balancer_certificate}}"
687687
DefaultActions:
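Review bot: line 684 repeats the same policy literal as line 617, so the two listeners can drift apart on the next policy bump if only one of them is edited. If both listeners are meant to share one policy, take the value from a single config item or template variable and reference it in both places.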

cluster/config-defaults.yaml

Lines changed: 1 addition & 1 deletion
@@ -52,7 +52,7 @@ karpenter_in_transit_support_required: "false"
5252
karpenter_instance_family_t_enabled: "false"
5353

5454
# ALB config created by kube-aws-ingress-controller
55-
kube_aws_ingress_controller_ssl_policy: "ELBSecurityPolicy-TLS-1-2-2017-01"
55+
kube_aws_ingress_controller_ssl_policy: "ELBSecurityPolicy-TLS13-1-2-2021-06"
5656
kube_aws_ingress_controller_idle_timeout: "1m"
5757
kube_aws_ingress_controller_deregistration_delay_timeout: "10s"
5858
# allow using NLBs for ingress
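Review bot: line 55 changes a default, so every cluster that does not set `kube_aws_ingress_controller_ssl_policy` itself picks up the new policy on rollout, and the only comment above it is `# ALB config created by kube-aws-ingress-controller`. Add a short comment stating that the default now offers TLS 1.3 alongside TLS 1.2 and that the previous value `ELBSecurityPolicy-TLS-1-2-2017-01` can be set as an override for clusters whose clients fail to negotiate, and say in the commit message whether client compatibility was checked.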
