Skip to content

Commit

Permalink
Add tls_cipher_suite, drop etcd cihper rule
Browse files Browse the repository at this point in the history 
The rule api_server_tls_security_profile sets up a custom security
profile, without specifying ciphers. So we also need to select
api_server_tls_security_profile.

Removing etcd cipher rule, it is not related to transission on public
networks.
  • Loading branch information
@yuumasato
yuumasato committed Jun 19, 2024
1 parent f22b4c0 commit 00cfb09
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion controls/pcidss_4_ocp4.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1254,9 +1254,9 @@ controls:
- tls_version_check_apiserver
- tls_version_check_masters_workers
- tls_version_check_router
- etcd_check_cipher_suite
- api_server_tls_cert
- api_server_tls_security_profile
- api_server_tls_cipher_suites
- ingress_controller_certificate
- ingress_controller_tls_security_profile
- kubelet_configure_tls_min_version
Expand Down

0 comments on commit 00cfb09

Please sign in to comment.