Enable SSLv3 for Minikube Ingress

5/30/2020

I have some problems with enabling SSLv3 in my Nginx Ingress used as a Minikube addon. I have read in the docs how to do it. It should be as simple as adding a single map. Unfortunately I haven't had much success with it. I added this map in both namespaces - kube-system and the second one in which the ingress is created.

kind: ConfigMap
apiVersion: v1
metadata:
  name: nginx-config
data:
  ssl-ciphers: "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA256:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA"
  ssl-protocols: "SSLv2 SSLv3 TLSv1 TLSv1.1 TLSv1.2 TLSv1.3"

I did it separately and even forced nginx-ingress-controller but nothing happened. I have also found out about the nginx-load-balancer-conf ConfigMap in the kube-system namespace and added the same entries there too, but it didn't help either.

ssl-protocols seems to be one of the few properties which can be defined in a ConfigMap but not by annotations.

So my question is: Am I making some kind of stupid mistake, or does Minikube require some different configuration?

I'm checking the result of my actions with testssl.sh.

-- Dcortez
kubernetes
minikube
nginx-ingress

0 Answers