Ensure that the API server is configured to only use strong cryptographic ciphers. Rationale: TLS ciphers have had a number of known vulnerabilities and weaknesses, which can reduce the protection provided by them. By default Kubernetes supports a number of TLS ciphersuites including some that have security concerns, weakening the protection provided. Impact: API server clients that cannot support the custom cryptographic ciphers will not be able to make connections to the API server. NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.
Solution
Follow the directions above and in the OpenShift documentation Configuring Ingress. Default Value: By default, the TLS cipher value for the ingress controller is based on the apiservers.config.openshift.io/cluster resource.