Force TLS 1.2/1.3 support for Kubernetes access.
search cancel

Force TLS 1.2/1.3 support for Kubernetes access.


Article ID: 225693


Updated On:


CA Application Performance Management (APM / Wily / Introscope)


A workaround to support TLS 1.2 & 1.3 for OI running on a Kubernetes Cluster.


Installed Kubernetes cluster and DX OI on a company site.
Customer came back saying that their security scan flagged all the nodes in the cluster. The nodes were responding to TLSv1.0, TLSv1.2, SSLv1, SSLv2. However, their corporate policy only allows SSLv3, TLSv1.2. If someone else runs into similar situation, this is the workaround used:

NGINX Ingress Controller by default responds to all TLS and SSL versions. To limit to a subset of protocols, edit nginx-config ConfigMap and restart all Ingress Controller pods.

kubectl -n nginx-ingress edit cm nginx-config -o yaml

Add below lines at the end (or append to existing "data:" section):

data: ssl-protocols: SSLv3 TLSv1.2 # no comma in between

Save the edits to ConfigMap and restart the pods

for pod in $(kubectl -n nginx-ingress get pods | awk '{ print $1 }'); do kubectl -n nginx-ingress delete $pod; done