LATEST ANSWERS

RE: Err connection timeout in GCP websites By andersonrubio - on December 11, 2020
Hello! We have exactly the same problem, our site https://recorvet.com/ can't be accessed by a few minutes (is intermittent) from...
RE : gammu 1.42, gammu-smsd service error, LD_LIBRARY_PATH not found By Deshawnmariyolanda - on October 26, 2020
There is an other way to fix this issue by: Add a new file as gammu-smsd-1.42.0-x86_64.conf under /etc/ld.so.conf.d only one...
RE : gammu 1.42, gammu-smsd service error, LD_LIBRARY_PATH not found By Edgarroseelvira - on October 26, 2020
/etc/profile is used by shells like bash; it is not used to set up the environment for systemd services. To...
RE : CentOS 7 yum “database is locked” By Kennithwarrengracie - on October 26, 2020
check this post from centos forum . This post looks similar to your issue.
RE : Warning: Unnecessary HSTS header over HTTP By Richdorthyjacklyn - on October 26, 2020
You can conditionally set headers using env= Header always set Strict-Transport-Security "..." env=HTTPS (you can use both always and env=...
RE : How long it will take a newly registered Domain Name in Route53 to work? By Keenanaddiejosefa - on October 26, 2020
DNS propagation usually takes up to 72 hours: When an IP address, or any other information about a hostname, is...
RE : Prevent TLS/SSL Birthday attacks on 64-bit block ciphers (SWEET32) By Jerrynoetia - on October 26, 2020
The cipher suites can be set via cipher-suites parameter: $ etcd \ --cipher-suites TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 According to here thoses cipher suites...
RE : How to allow new users as default access Remote Desktop By Alfredomarifrankie - on October 25, 2020
On the server in question, open control panel and go into “System and Security” then click “Allow remote access”. At...

- Questions
- Tags
- Badges
- Categories
- Users
LATEST ANSWERS
- RE: Err connection timeout in GCP websites By andersonrubio - on December 11, 2020
  Hello! We have exactly the same problem, our site https://recorvet.com/ can't be accessed by a few minutes (is intermittent) from...
- RE : gammu 1.42, gammu-smsd service error, LD_LIBRARY_PATH not found By Deshawnmariyolanda - on October 26, 2020
  There is an other way to fix this issue by: Add a new file as gammu-smsd-1.42.0-x86_64.conf under /etc/ld.so.conf.d only one...
- RE : gammu 1.42, gammu-smsd service error, LD_LIBRARY_PATH not found By Edgarroseelvira - on October 26, 2020
  /etc/profile is used by shells like bash; it is not used to set up the environment for systemd services. To...
- RE : CentOS 7 yum “database is locked” By Kennithwarrengracie - on October 26, 2020
  check this post from centos forum . This post looks similar to your issue.
- RE : Warning: Unnecessary HSTS header over HTTP By Richdorthyjacklyn - on October 26, 2020
  You can conditionally set headers using env= Header always set Strict-Transport-Security "..." env=HTTPS (you can use both always and env=...
- RE : How long it will take a newly registered Domain Name in Route53 to work? By Keenanaddiejosefa - on October 26, 2020
  DNS propagation usually takes up to 72 hours: When an IP address, or any other information about a hostname, is...
- RE : Prevent TLS/SSL Birthday attacks on 64-bit block ciphers (SWEET32) By Jerrynoetia - on October 26, 2020
  The cipher suites can be set via cipher-suites parameter: $ etcd \ --cipher-suites TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 According to here thoses cipher suites...
- RE : How to allow new users as default access Remote Desktop By Alfredomarifrankie - on October 25, 2020
  On the server in question, open control panel and go into “System and Security” then click “Allow remote access”. At...

Home

Prevent TLS/SSL Birthday attacks on 64-bit block ciphers (SWEET32)

Our recent VA report shows that there are TLS/SSL Birthday attacks on 64-bit block ciphers possible on Kubernetes etcd ports.

Suggested solution is Configure the server to disable support for 3DES suite.

Our problems are :

How to disable support for 3DES suite?
How this configuration will affect to our running Kubernetes services?
How to Configure the server to disable support for static key cipher suites?

Here suggest a way to access only API server to access, but I dont understand how to apply it for running kubernetes instance.

Any help, suggestions will be greatly appreciated.Also note, I am not an expert net admin.

Jcmarimarissa Vice Professor Asked on October 26, 2020 in centos.

Share
Comment(0)

Add Comment

1 Answer(s)

Votes
Oldest

The cipher suites can be set via cipher-suites parameter:

$ etcd \   --cipher-suites TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

According to here thoses cipher suites should be secure.

Jerrynoetia Vice Professor Answered on October 26, 2020.

Share
Comment(0)

Add Comment

LATEST ANSWERS

Prevent TLS/SSL Birthday attacks on 64-bit block ciphers (SWEET32)

Your Answer

HOT QUESTIONS

LATEST ANSWERS

Prevent TLS/SSL Birthday attacks on 64-bit block ciphers (SWEET32)

Your Answer

Tags Widget

HOT QUESTIONS