cli
cli copied to clipboard
docker
found non-compliant/unsecure ciphers in docker port 2376 & 2377
Description
please let me know the procedure to remove following unsecure cipher suites for docker port : 2376 and 2377
docker port 2376 (Used for encrypted communication with the daemon) :
| Hexcode | Cipher Suite Name (OpenSSL) | Encryption | Cipher Suite Name (IANA/RFC) |
|---|---|---|---|
| x1303 | TLS_CHACHA20_POLY1305_SHA256 | ChaCha20 | TLS_CHACHA20_POLY1305_SHA256 |
| xc014 | ECDHE-RSA-AES256-SHA | AES | TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA |
| xc013 | ECDHE-RSA-AES128-SHA | AES | TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA |
docker port 2377 (Used for communication between the nodes of a Docker Swarm or cluster)
| Hexcode | Cipher Suite Name (OpenSSL) | Encryption | Cipher Suite Name (IANA/RFC) |
|---|---|---|---|
| x1303 | TLS_CHACHA20_POLY1305_SHA256 | ChaCha20 | TLS_CHACHA20_POLY1305_SHA256 |
| xcca9 | ECDHE-ECDSA-CHACHA20-POLY1305 | ChaCha20 | TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 |
| xc00a | ECDHE-ECDSA-AES256-SHA | AES | TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA |
| xc009 | ECDHE-ECDSA-AES128-SHA | AES | TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA |
please let me know if any findings have been made regarding this issue