How to remove non-compliant/insecure ciphers for Docker ports 2376 and 2377

Please let me know the procedure to remove the following insecure cipher suites for Docker ports 2376 and 2377.

docker port 2376 (Used for encrypted communication with the daemon)

| Hexcode | Cipher Suite Name (OpenSSL) | Encryption | Cipher Suite Name (IANA/RFC) |
|---|---|---|---|
| x1303 | TLS_CHACHA20_POLY1305_SHA256 | ChaCha20 | TLS_CHACHA20_POLY1305_SHA256 |
| xc014 | ECDHE-RSA-AES256-SHA | AES | TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA |
| xc013 | ECDHE-RSA-AES128-SHA | AES | TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA |

docker port 2377 (Used for communication between the nodes of a Docker Swarm or cluster)

| Hexcode | Cipher Suite Name (OpenSSL) | Encryption | Cipher Suite Name (IANA/RFC) |
|---|---|---|---|
| x1303 | TLS_CHACHA20_POLY1305_SHA256 | ChaCha20 | TLS_CHACHA20_POLY1305_SHA256 |
| xcca9 | ECDHE-ECDSA-CHACHA20-POLY1305 | ChaCha20 | TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 |
| xc00a | ECDHE-ECDSA-AES256-SHA | AES | TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA |
| xc009 | ECDHE-ECDSA-AES128-SHA | AES | TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA |

docker version
Client: Docker Engine - Community
 Version:           20.10.17
 API version:       1.41
 Go version:        go1.17.11
 Git commit:        100c701
 Built:             Mon Jun 6 23:03:11 2022
 OS/Arch:           linux/amd64
 Context:           default
 Experimental:      true

Server: Docker Engine - Community
 Engine:
  Version:          20.10.17
  API version:      1.41 (minimum version 1.12)
  Go version:       go1.17.11
  Git commit:       a89b842
  Built:            Mon Jun 6 23:01:29 2022
  OS/Arch:          linux/amd64
  Experimental:     false
 containerd:
  Version:          1.6.6
  GitCommit:        10c12954828e7c7c9b6e0ea9b0c02b01407d3ae1
 runc:
  Version:          1.1.2
  GitCommit:        v1.1.2-0-ga916309
 docker-init:
  Version:          0.19.0
  GitCommit:        de40ad0

1 Like

Please let me know if any findings have been made regarding this issue.

2 Likes

I have the same issue. I guess maybe it needs to be fixed at the source code level.

Please let me know if there are any findings/suggestions to remove the above-mentioned insecure cipher suites for Docker ports 2376 and 2377.