[BUG] About all zero monitoring and insecure protocols #1916
Comments
|
it is related to the controller-runtime webhook setting, a possible fix can be refer to the issue |
furykerry
added
help wanted
|
Hey @furykerry Could I look into this ? |
|
/assign @RohanMishra315 |
|
Got the idea how to solve this, but having problem where should the changes be made , @furykerry could you help me a bit . |
|
the webhook server initialization code is here |
|
@hcwnbs What version of kruise are you using? |
|
@hcwnbs actually there are two issues related
#1 is already fixed in kruise 1.8 since we have upgraded the golang version to 1.22, in which , tls 1.2 is now the default minVersion for both server and client. for #2, maybe we should follow the logic of apiserver, and just choose the first non local address by calling ResolveBindAddress of the package k8s.io/apimachinery/pkg/util/net |
I directly used the image, and the image version is 1.5.4. |
When I was using this software, I found some listening ports with all-zero values during the scanning process, such as 9876, 8080, 8090, and 8000. Moreover, the insecure TLS 1.0 and 1.1 protocols, as well as insecure cipher suites (for example, using RSA as the key exchange algorithm and cipher suites containing CBC symmetric cipher algorithms in the TLS protocol) are being used for port 9876. May I ask if there is any plan to address these issues?
The text was updated successfully, but these errors were encountered: