Ensure that the API Server only makes use of Strong Cryptographic Ciphers




Ensure that the API server is configured to only use strong cryptographic ciphers.


TLS ciphers have had a number of known vulnerabilities and weaknesses, which can reduce the protection provided by them. By default Kubernetes supports a number of TLS ciphersuites including some that have security concerns, weakening the protection provided.

API server clients that cannot support modern cryptographic ciphers will not be able to make connections to the API server.


Edit the API server pod specification file /etc/kubernetes/manifests/kube-apiserver.yaml on the master node and set the below parameter.


Policy Details

Rule Reference ID: AC_K8S_0043
Remediation Available: No
Resource: kubernetes_pod
Resource Category: Compute
Resource Type: Pod