LATEST ANSWERS

RE: iOS 13 VoIP push notification - didReceiveIncomingPushWith not getting called when the application is terminated By KoryBricker - on January 28, 2021
Did you ever get this figured out? I'm running into the exact same thing
RE: Err connection timeout in GCP websites By andersonrubio - on December 11, 2020
Hello! We have exactly the same problem, our site https://recorvet.com/ can't be accessed by a few minutes (is intermittent) from...
RE : gammu 1.42, gammu-smsd service error, LD_LIBRARY_PATH not found By Deshawnmariyolanda - on October 26, 2020
There is an other way to fix this issue by: Add a new file as gammu-smsd-1.42.0-x86_64.conf under /etc/ld.so.conf.d only one...
RE : gammu 1.42, gammu-smsd service error, LD_LIBRARY_PATH not found By Edgarroseelvira - on October 26, 2020
/etc/profile is used by shells like bash; it is not used to set up the environment for systemd services. To...
RE : CentOS 7 yum “database is locked” By Kennithwarrengracie - on October 26, 2020
check this post from centos forum . This post looks similar to your issue.
RE : Warning: Unnecessary HSTS header over HTTP By Richdorthyjacklyn - on October 26, 2020
You can conditionally set headers using env= Header always set Strict-Transport-Security "..." env=HTTPS (you can use both always and env=...
RE : How long it will take a newly registered Domain Name in Route53 to work? By Keenanaddiejosefa - on October 26, 2020
DNS propagation usually takes up to 72 hours: When an IP address, or any other information about a hostname, is...
RE : Prevent TLS/SSL Birthday attacks on 64-bit block ciphers (SWEET32) By Jerrynoetia - on October 26, 2020
The cipher suites can be set via cipher-suites parameter: $ etcd \ --cipher-suites TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 According to here thoses cipher suites...

- Questions
- Tags
- Badges
- Categories
- Users
LATEST ANSWERS
- RE: iOS 13 VoIP push notification - didReceiveIncomingPushWith not getting called when the application is terminated By KoryBricker - on January 28, 2021
  Did you ever get this figured out? I'm running into the exact same thing
- RE: Err connection timeout in GCP websites By andersonrubio - on December 11, 2020
  Hello! We have exactly the same problem, our site https://recorvet.com/ can't be accessed by a few minutes (is intermittent) from...
- RE : gammu 1.42, gammu-smsd service error, LD_LIBRARY_PATH not found By Deshawnmariyolanda - on October 26, 2020
  There is an other way to fix this issue by: Add a new file as gammu-smsd-1.42.0-x86_64.conf under /etc/ld.so.conf.d only one...
- RE : gammu 1.42, gammu-smsd service error, LD_LIBRARY_PATH not found By Edgarroseelvira - on October 26, 2020
  /etc/profile is used by shells like bash; it is not used to set up the environment for systemd services. To...
- RE : CentOS 7 yum “database is locked” By Kennithwarrengracie - on October 26, 2020
  check this post from centos forum . This post looks similar to your issue.
- RE : Warning: Unnecessary HSTS header over HTTP By Richdorthyjacklyn - on October 26, 2020
  You can conditionally set headers using env= Header always set Strict-Transport-Security "..." env=HTTPS (you can use both always and env=...
- RE : How long it will take a newly registered Domain Name in Route53 to work? By Keenanaddiejosefa - on October 26, 2020
  DNS propagation usually takes up to 72 hours: When an IP address, or any other information about a hostname, is...
- RE : Prevent TLS/SSL Birthday attacks on 64-bit block ciphers (SWEET32) By Jerrynoetia - on October 26, 2020
  The cipher suites can be set via cipher-suites parameter: $ etcd \ --cipher-suites TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 According to here thoses cipher suites...

Home

Prevent TLS/SSL Birthday attacks on 64-bit block ciphers (SWEET32)

Our recent VA report shows that there are TLS/SSL Birthday attacks on 64-bit block ciphers possible on Kubernetes etcd ports.

Suggested solution is Configure the server to disable support for 3DES suite.

Our problems are :

How to disable support for 3DES suite?
How this configuration will affect to our running Kubernetes services?
How to Configure the server to disable support for static key cipher suites?

Here suggest a way to access only API server to access, but I dont understand how to apply it for running kubernetes instance.

Any help, suggestions will be greatly appreciated.Also note, I am not an expert net admin.

Download script fix [LINK]
Download script fix [LINK 2]
Download script fix [LINK 2]

Jcmarimarissa Vice Professor Asked on October 26, 2020 in centos.

Share
Comment(0)

Add Comment

1 Answer(s)

Votes
Oldest

The cipher suites can be set via cipher-suites parameter:

$ etcd \   --cipher-suites TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

According to here thoses cipher suites should be secure.

Download the fix file

Jerrynoetia Vice Professor Answered on October 26, 2020.

Share
Comment(0)

Add Comment

LATEST ANSWERS

Prevent TLS/SSL Birthday attacks on 64-bit block ciphers (SWEET32)

Your Answer

HOT QUESTIONS

LATEST ANSWERS

Prevent TLS/SSL Birthday attacks on 64-bit block ciphers (SWEET32)

Your Answer

Tags Widget

HOT QUESTIONS