https://rancher.com/ logo
r

rough-carpet-50214

10/10/2022, 3:55 PM
Hey all, after upgrading from Rancher
2.6.3
to
2.6.8
we started getting this error on our git repos in the continuous delivery UI:
error:141A318A:SSL routines:tls_process_ske_dhe:dh key too small
I'm aware this is a security issue with our private git server however it wasn't until this version upgrade that rancher started strictly enforcing it. I have already gone though our internal process to have the git server increase the dh key size to 2048. I was wondering if there is some way to disable this strict checking in the mean time while waiting for our git server to be updated?
1
e

enough-waitress-5858

10/11/2022, 3:59 PM
Any update on this?
Maybe they are intentionally making people more secure.
b

bulky-sunset-52084

10/11/2022, 8:09 PM
Yea industry standards define what is included and tested inside of the released product. Old EOL security standards are intentionally removed to assure clients with high security requirements can meet them and to keep the code from getting too bloated and spaghetti. For this reason it is highly unlikely rancher will add or support deprecated security standards in the base product. But at the end of the day the product is open source if that will help at all. Otherwise, yes we are pushing you to be more secure :)
12 Views