From e93c8cd09f314ca98f86948934dbec4ad0e48888 Mon Sep 17 00:00:00 2001
From: "lan.tian" <lance5890@163.com>
Date: Mon, 8 Sep 2025 13:22:26 +0800
Subject: [PATCH] use secure cipher suites for operator

---
 config/pod.yaml | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/config/pod.yaml b/config/pod.yaml
index 867c18e6f..a8a3e42d4 100644
--- a/config/pod.yaml
+++ b/config/pod.yaml
@@ -19,3 +19,12 @@ ocm:
   scaInterval: "8h"
   clusterTransferEndpoint: https://api.openshift.com/api/accounts_mgmt/v1/cluster_transfers/
   clusterTransferInterval: "12h"
+servingInfo:
+  cipherSuites:
+  - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
+  - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
+  - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
+  - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
+  - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
+  - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
+  minTLSVersion: VersionTLS12