Last year, I wrote about how I was able to mitigate a medium-strength ciphers warning against the kube-scheduler component of IBM Cloud Private ( a Kubernetes distribution ): -
I did a little bit more with this yesterday on a Red Hat Linux box.
This was the warning that our Nessus box threw up: -
The remote host supports the use of SSL ciphers that offer medium strength encryption, which we currently regard as those with key lengths at least 56 bits and less than 112 bits.
against port 10259 of our host.
I used this command: -
netstat -aonp|grep 10259
to work out which process was using that particular port: -
tcp6 0 0 :::10259 :::* LISTEN 23860/hyperkube off (0.00/0/0)
I then edited the relevant configuration file: -
( having backed it up first )
and changed from: -
Once I killed the kube-scheduler process - kill -9 23860 - and waited for kube-scheduler to restart, Nessus was happy.
I also used: -
openssl s_client -connect 127.0.0.1:10259 </dev/null
to validate the cipher being used: -
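The validation step can also be scripted to give a per-suite answer, as in this added example, which is not part of the original post. The function names are hypothetical, the sample output is constructed, and DES-CBC3-SHA is an assumed example of a flagged suite, since the post does not name one.

```shell
#!/bin/sh
# Added example, not from the original post. Names below are illustrative.

# Read `openssl s_client` output on stdin and print "<protocol> <cipher>".
# Fails when no handshake completed ("Cipher is (NONE)" or no summary line).
negotiated_cipher() {
  awk '/^New, .*Cipher is / {
         proto = $2; sub(/,$/, "", proto)
         if ($NF == "(NONE)") exit 1
         print proto, $NF; found = 1; exit
       }
       END { if (!found) exit 1 }'
}

# probe_cipher HOST:PORT SUITE
# Offer only SUITE over TLS 1.2 and report what happened:
#   "accepted <protocol> <cipher>"  the listener still negotiates it
#   "no-handshake"                  nothing was negotiated with this client
#   "untestable"                    the local openssl build lacks SUITE,
#                                   so the result says nothing about the server
probe_cipher() {
  target=$1
  suite=$2
  openssl ciphers "$suite" >/dev/null 2>&1 || { echo untestable; return 2; }
  if result=$(openssl s_client -connect "$target" -cipher "$suite" -tls1_2 \
                </dev/null 2>/dev/null | negotiated_cipher); then
    echo "accepted $result"
  else
    echo no-handshake
    return 1
  fi
}

# Constructed excerpt of s_client output, so the parser can be tried offline.
sample_s_client_output() {
  cat <<'EOF'
CONNECTED(00000003)
---
New, TLSv1.2, Cipher is ECDHE-RSA-AES128-GCM-SHA256
Server public key is 2048 bit
EOF
}

sample_s_client_output | negotiated_cipher

# Against the listener from the post (DES-CBC3-SHA is an assumed example of a
# suite scanners report as medium strength; the post does not name one):
#   probe_cipher 127.0.0.1:10259 DES-CBC3-SHA
```

An "untestable" result means the check has to be repeated from a client whose OpenSSL build still includes the suite; it is not evidence that the listener refuses it.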
Required reading: -