etcd as provided by the snap and charm utilized the default TLS ciphers as provided by Go. This currently allows for weak ciphers to still be used by default (TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, TLS_RSA_WITH_3DES_EDE_CBC_SHA). This was discussed in depth in an issue upstream [1], in which a change has been made to allow for passing `--cipher-suites` to override the defaults provided by Go.
With this, the snap and the charm should be updated to support a user defined cipher-suites config option which is then passed on to the snap.
etcd as provided by the snap and charm utilized the default TLS ciphers as provided by Go. This currently allows for weak ciphers to still be used by default (TLS_ECDHE_ RSA_WITH_ 3DES_EDE_ CBC_SHA, TLS_RSA_ WITH_3DES_ EDE_CBC_ SHA). This was discussed in depth in an issue upstream [1], in which a change has been made to allow for passing `--cipher-suites` to override the defaults provided by Go.
With this, the snap and the charm should be updated to support a user defined cipher-suites config option which is then passed on to the snap.
[1] https:/ /github. com/etcd- io/etcd/ issues/ 8320