Merge pull request #5747 from djoshy/remove-cipher-order

MCO-2147: Remove all remaining hardcoded references for TLS configuration

Author: openshift-merge-bot[bot]

pkg/server/api.go

@@ -342,46 +342,3 @@ func getHTTPServerCfg(addr string, handler http.Handler, tlsConfig *tls.Config)
 	}
 
 }
-
-// Disable insecure cipher suites for CVE-2016-2183
-// cipherOrder returns an ordered list of Ciphers that are considered secure
-// Deprecated ciphers are not returned.
-func cipherOrder() []uint16 {
-	var first []uint16
-	var second []uint16
-
-	allowable := func(c *tls.CipherSuite) bool {
-		// Disallow block ciphers using straight SHA1
-		// See: https://tools.ietf.org/html/rfc7540#appendix-A
-		if strings.HasSuffix(c.Name, "CBC_SHA") {
-			return false
-		}
-		// 3DES is considered insecure
-		if strings.Contains(c.Name, "3DES") {
-			return false
-		}
-		return true
-	}
-
-	for _, c := range tls.CipherSuites() {
-		for _, v := range c.SupportedVersions {
-			if v == tls.VersionTLS13 {
-				first = append(first, c.ID)
-			}
-			if v == tls.VersionTLS12 && allowable(c) {
-				inFirst := false
-				for _, id := range first {
-					if c.ID == id {
-						inFirst = true
-						break
-					}
-				}
-				if !inFirst {
-					second = append(second, c.ID)
-				}
-			}
-		}
-	}
-
-	return append(first, second...)
-}