automation-suite
2022.10
false
Automation Suite Installation Guide
Last updated Oct 4, 2024

How to address weak ciphers in TLS 1.2

TLS 1.2 has vulnerabilities related to weak cipher implementation. If you use TLS 1.2 and want to fortify your system's security, you must take the following steps:

  1. Modify your cipher suite by inserting the following line into your config.yaml. The configuration line must include the parameters of the ciphers that you want to allow.
    sed  -i '/kube-apiserver-arg:/a - "tls-cipher-suites=TLS_CHACHA20_POLY1305_SHA256,TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_256_GCM_SHA384"' /etc/rancher/rke2/config.yamsed  -i '/kube-apiserver-arg:/a - "tls-cipher-suites=TLS_CHACHA20_POLY1305_SHA256,TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_256_GCM_SHA384"' /etc/rancher/rke2/config.yam
  2. Restart the RKE2 server. Note that this step may cause temporary downtime.

    systemctl restart rke2-serversystemctl restart rke2-server

Was this page helpful?

Get The Help You Need
Learning RPA - Automation Courses
UiPath Community Forum
Uipath Logo White
Trust and Security
© 2005-2024 UiPath. All rights reserved.