Docker Community Forums

Share and learn in the Docker community.

TLSVersion and Cipher Suite enablement

Problem description

Docker version 18.09.1, build 4c52b90

Git Repo For Swarm Contiv: https://github.com/contiv/install

Getting following Vulnerabilities:

SSL Medium Strength Cipher Suites Supported 3376 Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES) ECDHE-RSA-DES-CBC3-SHA Kx=ECDH Au=RSA Enc=3DES-CBC(168) Mac=SHA1 DES-CBC3-SHA Kx=RSA Au=RSA Enc=3DES-CBC(168) Mac=SHA1 The fields above are : {OpenSSL ciphername} Kx={key exchange} Au={authentication} Enc={symmetric encryption method} Mac={message authentication code} {export flag}
SSL Medium Strength Cipher Suites Supported 10000 Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES) ECDHE-RSA-DES-CBC3-SHA Kx=ECDH Au=RSA Enc=3DES-CBC(168) Mac=SHA1 DES-CBC3-SHA Kx=RSA Au=RSA Enc=3DES-CBC(168) Mac=SHA1 The fields above are : {OpenSSL ciphername} Kx={key exchange} Au={authentication} Enc={symmetric encryption method} Mac={message authentication code} {export flag}

Docker Config:

ExecStart=/usr/bin/dockerd --tlsverify --tlscacert=/etc/docker/certs/ca.pem --tlscert=/etc/docker/certs/cert.pem --tlskey=/etc/docker/certs/key.pem -H tcp://0.0.0.0:2376 -H unix:///var/run/docker.sock --cluster-store=etcd://localhost:2379

Swarm Configuration:

/usr/bin/docker run -t -d -p 3376:3376
-v /etc/docker/certs:/etc/docker/certs
–net=host --name=swarm-manager
swarm:1.2.5 manage
-H :...
–tlsverify
–tlscacert=/etc/docker/certs/ca.pem
–tlscert=/etc/docker/certs/cert.pem
–tlskey=/etc/docker/certs/key.pem
–strategy spread
–replication --advertise=...:3376
etcd://etcd_server:2379

How can I pass TLSVersion and Cipher Suite in docker and swarm configuration ???

1 Like