sGAR ~ 2024.02.02 ~ add in DHE to see if that helps other ciphers, un…

…likely though.
UKHomeOffice · Feb 2, 2024 · f2027a7 · f2027a7
1 parent 38515f2
commit f2027a7
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/ops/kube/public-site-external-ingress.yml b/ops/kube/public-site-external-ingress.yml
@@ -17,7 +17,7 @@ metadata:
     # - that is '!SHA1:!SHA256:!SHA384' part of the cipher string.
     # - From this post: https://security.stackexchange.com/questions/166484/how-to-disable-cbc-mode-ciphers
     # - https://security.stackexchange.com/questions/210072/why-does-ssl-labs-now-consider-cbc-suites-weak
-    ingress.kubernetes.io/ssl-ciphers: '!aNULL:!EXPORT56:!SHA1:!SHA256:!SHA384:EECDH+TLSv1.2+HIGH'
+    ingress.kubernetes.io/ssl-ciphers: '!aNULL:!EXPORT56:!SHA1:!SHA256:!SHA384:EECDH+TLSv1.2+HIGH:DHE+TLSv1.2+HIGH'
     ingress.kubernetes.io/ssl-prefer-server-ciphers: "true"
     ingress.kubernetes.io/ssl-protocols: TLSv1.2 TLSv1.3
 spec: