From 00cfb09fdfc353392fdc23523dee02233a18f2b4 Mon Sep 17 00:00:00 2001
From: Watson Sato <wsato@redhat.com>
Date: Mon, 10 Jun 2024 14:40:11 +0200
Subject: [PATCH] Add tls_cipher_suite, drop etcd cihper rule

The rule api_server_tls_security_profile sets up a custom security
profile, without specifying ciphers. So we also need to select
api_server_tls_security_profile.

Removing etcd cipher rule, it is not related to transission on public
networks.
---
 controls/pcidss_4_ocp4.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/controls/pcidss_4_ocp4.yml b/controls/pcidss_4_ocp4.yml
index c3402c25afd..4706f9c0cbf 100644
--- a/controls/pcidss_4_ocp4.yml
+++ b/controls/pcidss_4_ocp4.yml
@@ -1254,9 +1254,9 @@ controls:
         - tls_version_check_apiserver
         - tls_version_check_masters_workers
         - tls_version_check_router
-        - etcd_check_cipher_suite
         - api_server_tls_cert
         - api_server_tls_security_profile
+        - api_server_tls_cipher_suites
         - ingress_controller_certificate
         - ingress_controller_tls_security_profile
         - kubelet_configure_tls_min_version