We have updated our Terms of Service, Code of Conduct, and Addendum.

Forcing the Worker nodes (using Docker) to communicate with the leader over a specific TLS version?

Is there a way to force the Worker nodes (using Docker) to communicate with the leader over a specific TLS version?

Answers

  • Jon Rust
    Jon Rust Posts: 427 mod

    I don't believe this is exposed anywhere in our current system

  • You can pick from the default list - AFAIK.

  • dritan
    dritan Posts: 51 mod

    <@U04NPSXKJKV&gt;: I was checking to see if there was a configuration option for the docker image to set the TLS version to 1.2. I know you can do this while in the GUI, but that won't cut it with a docker image as it'd revert back when it was restarted. The problem we think we have is that there's a security device blocking the use of TLS 1.0 and TLS 1.1 in the network (AWS Gov cloud). The customer doesn't know of anything installed on their system to do this except potentially the Palo Alto firewall, but I haven't see that capability in a Palo FW (I know it can alert, but have never seen any place to block insecure TLS versions).

  • I would raise a FR in <#CGCU5A18B|feature-request> :slightly_smiling_face:

  • dritan
    dritan Posts: 51 mod

    It may be necessary, but they are considering using EC2 instances instead to get things rolling so that they can at least modify the Min TLS version in the GUI and "have it stick" across restarts.

  • dritan
    dritan Posts: 51 mod

    We're going to run a test using EC2 to see if that resolves the issue and we'll go from there to see what we can do to either file a bug or make a FR.