Laszlo Vigh
Thanks for looking into this, that explains it - we can confirm that all leaked handles are old.
Wouldn't it be possible to also remove `TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA` and `TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA`? These two CBC mode ciphers are also often considered weak.
I think this is probably evident to many who read this issue, but I'll just add here what I came up with as I started looking into this a bit...
I opened a Slack [thread](https://calicousers.slack.com/archives/C0BCA117T/p1750083754003189) about this. I copy a part of that post here as well: I'm trying to understand how we could defend Calico from these types of...