Is there a way to force the Worker nodes (using Docker) to communicate with the leader over a specific TLS version?
I don't believe this is exposed anywhere in our current system.
Is this not part of this option? https://docs.cribl.io/stream/securing-and-monitoring/#cyphers
You can pick from the default list - AFAIK.
<@U04NPSXKJKV>: I was checking to see if there was a configuration option for the Docker image to set the TLS version to 1.2. I know you can do this while in the GUI, but that won't cut it with a Docker image as it'd revert back when it was restarted. The problem we think we have is that there's a security device blocking the use of TLS 1.0 and TLS 1.1 in the network (AWS Gov cloud). The customer doesn't know of anything installed on their system to do this except potentially the Palo Alto firewall, but I haven't seen that capability in a Palo FW (I know it can alert, but have never seen any place to block insecure TLS versions).
I would raise an FR in #feature-request 🙂
It may be necessary, but they are considering using EC2 instances instead to get things rolling so that they can at least modify the Min TLS version in the GUI and "have it stick" across restarts.
We're going to run a test using EC2 to see if that resolves the issue and we'll go from there to see what we can do to either file a bug or make an FR.