12th October 2020

Disabling TLS v1.0 & v1.1 on the OpenShift API/Console, scheduled 6 months ago

Transport Layer Security (TLS) protocols are used for encrypted communications across networks. TLS versions 1.0 and 1.1 contain known security vulnerabilities, which may be susceptible to attacks.

The industry is already taking steps and pushing for more security by exclusively allowing TLS 1.2 or later versions. Major web browsers such as Google Chrome, Microsoft Edge, Safari, and Mozilla Firefox have already deprecated TLS 1.0 and 1.1 on March 31, 2020.

Therefore we are going to disable TLS versions 1.0 and 1.1 for the OpenShift API and the OpenShift Console by October 27, 2020. This change is related to the manageability layer of OpenShift. It does not impact the access of your users or customers to existing services and applications.

Action required:

Please make sure that your API connections and browsers work in a TLS 1.2 setup when accessing the OpenShift API or OpenShift Console. Connections using TLS 1.0 and TLS 1.1 encryption protocols will not be working after October 27, 2020.

The oc command is capable of TLS 1.2 since the early beginning of OpenShift, so no action need to be taken.

If you need support with these changes, we are pleased to help you. Please contact us under support@vshn.net or via the ticket system.