add options for min tls levels

2026-01-04 23:17:50 +00:00 · 2018-01-19 11:50:47 -05:00
parent f9bb978ad6
commit ad16803470
8 changed files with 65 additions and 4 deletions
--- a/cmd/kubelet/app/server.go
+++ b/cmd/kubelet/app/server.go
@@ -627,12 +627,14 @@ func InitializeTLS(kf *options.KubeletFlags, kc *kubeletconfiginternal.KubeletCo
 		return nil, err
 	}

+	minTLSVersion, err := flag.TLSVersion(kc.TLSMinVersion)
+	if err != nil {
+		return nil, err
+	}
+
 	tlsOptions := &server.TLSOptions{
 		Config: &tls.Config{
-			// Can't use SSLv3 because of POODLE and BEAST
-			// Can't use TLSv1.0 because of POODLE and BEAST using CBC cipher
-			// Can't use TLSv1.1 because of RC4 cipher usage
-			MinVersion:   tls.VersionTLS12,
+			MinVersion:   minTLSVersion,
 			CipherSuites: tlsCipherSuites,
 		},
 		CertFile: kc.TLSCertFile,