CIS Kubernetes Benchmark v1.10.0 - 1.2.29

1 votes

In 1.2.29 Ensure that the API Server only makes use of Strong Cryptographic Ciphers the benchmark recommends to use some insecure ciphers.

Please compare with
https://kubernetes.io/docs/reference/command-line-tools-reference/kube-apiserver/
parameter --tls-cipher-suites - Insecure values

Also compare with
https://github.com/ssllabs/research/wiki/SSL-and-TLS-Deployment-Best-Practices#23-use-secure-cipher-suites
64-bit block cipher (3DES / DES / RC2 / IDEA) are weak.

Done Benchmark Community Suggestion Suggested by: Vitali Henrichs (16 May, '24) • Upvoted: 16 May, '24 • Comments: 1

Comments: 1
Oldest • Newest • Most likes • Fewest likes

20 May, '24
Moderator Admin
Highlighted comment

Hi Vitali

Thanks for your comment and suggestion. For specific Benchmark recommendation suggestions, we ask that those be posted to the applicable Benchmark community on CIS Workbench (https://workbench.cisecurity.org/communities/43) That the place that experts gather to provide input for improving existing Benchmarks.

Thanks again

Chris