Allow SSLContext ciphers to be customized

[steveny91]

What does this PR do?

We accept a handful of SSL Ciphers. These are:

        "TLS_AES_256_GCM_SHA384", 
        "TLS_CHACHA20_POLY1305_SHA256", 
        "TLS_AES_128_GCM_SHA256",
        "ECDHE-ECDSA-AES256-GCM-SHA384", 
        "ECDHE-RSA-AES256-GCM-SHA384", 
        "ECDHE-ECDSA-AES128-GCM-SHA256",
        "ECDHE-RSA-AES128-GCM-SHA256", 
        "ECDHE-ECDSA-CHACHA20-POLY1305", 
        "ECDHE-RSA-CHACHA20-POLY1305", 
        "ECDHE-ECDSA-AES256-SHA384", 
        "ECDHE-RSA-AES256-SHA384", 
        "ECDHE-ECDSA-AES128-SHA256", 
        "ECDHE-RSA-AES128-SHA256", 
        "DHE-RSA-AES256-GCM-SHA384", 
        "DHE-RSA-AES128-GCM-SHA256", 
        "DHE-RSA-AES256-SHA256", 
        "DHE-RSA-AES128-SHA256"

If someone wants to connect to an endpoint that doesn't use one of the above ciphers, then we'd get an SSL error. Currently, we can't configure this. This PR aims to add the ability to include and configure what Ciphers to allow.

The default behavior:

• Allow all Ciphers ('ALL')
• If configured with specific Ciphers, only allow those Ciphers

Motivation is that for the end user, this should be the most encompassing as they would just not need to care about it out of the box. For users that want to be more strict then they can configure it to do so.

The alternative, is to keep the list from above and allow users to customize it. This will work for some users and other users that uses ciphers not on the list will have to configure it in the config.

I'm open for discussion on the default behavior. Afterwards, I can push the changes to update the config templates.

[codecov]

Codecov Report

Attention: Patch coverage is 95.23810% with 1 line in your changes missing coverage. Please review.

Project coverage is 87.86%. Comparing base (1cb058e) to head (fe86b31).
Report is 11 commits behind head on master.

Additional details and impacted files

Flag	Coverage Δ
active_directory	86.36% <ø> (ø)
activemq	52.80% <ø> (ø)
activemq_xml	82.20% <ø> (ø)
amazon_msk	89.19% <ø> (ø)
ambari	85.75% <ø> (ø)
apache	95.08% <ø> (ø)
appgate_sdp	93.93% <ø> (ø)
arangodb	98.23% <ø> (ø)
argo_rollouts	90.00% <ø> (ø)
argo_workflows	87.87% <ø> (ø)
argocd	87.23% <ø> (ø)
aspdotnet	100.00% <ø> (ø)
avi_vantage	91.46% <ø> (ø)
aws_neuron	92.42% <ø> (ø)
azure_iot_edge	82.08% <ø> (ø)
boundary	100.00% <ø> (ø)
btrfs	83.33% <ø> (ø)
cacti	87.90% <ø> (ø)
calico	84.61% <ø> (ø)
cassandra	66.66% <ø> (ø)
cert_manager	77.41% <ø> (ø)
cisco_aci	89.53% <ø> (ø)
citrix_hypervisor	87.50% <ø> (ø)
cloud_foundry_api	96.11% <ø> (ø)
cloudera	99.51% <ø> (ø)
cockroachdb	92.98% <ø> (ø)
consul	91.92% <ø> (ø)
coredns	95.65% <ø> (ø)
crio	89.79% <ø> (ø)
datadog_checks_base	89.23% <95.23%> (-0.05%)	⬇️
datadog_checks_dev	77.63% <ø> (ø)
datadog_checks_downloader	81.37% <ø> (+3.22%)	⬆️
datadog_cluster_agent	90.19% <ø> (ø)
dcgm	93.54% <ø> (ø)
ddev	87.10% <ø> (ø)
directory	96.46% <ø> (ø)
disk	89.44% <ø> (ø)
dns_check	93.84% <ø> (+0.03%)	⬆️
druid	97.70% <ø> (ø)
ecs_fargate	83.71% <ø> (ø)
eks_fargate	94.05% <ø> (ø)
envoy	95.41% <ø> (+5.46%)	⬆️
esxi	93.92% <ø> (ø)
etcd	95.56% <ø> (ø)
external_dns	89.28% <ø> (ø)
fluentd	84.21% <ø> (ø)
fluxcd	88.31% <ø> (ø)
fly_io	97.13% <ø> (ø)
foundationdb	83.83% <ø> (ø)
gitlab_runner	92.76% <ø> (ø)
glusterfs	80.00% <ø> (ø)
go_expvar	92.66% <ø> (ø)
gunicorn	92.16% <ø> (-0.75%)	⬇️
hazelcast	92.30% <ø> (ø)
hdfs_datanode	89.63% <ø> (ø)
hdfs_namenode	86.60% <ø> (ø)
hive	51.42% <ø> (ø)
hivemq	61.90% <ø> (ø)
http_check	94.25% <ø> (ø)
hudi	73.91% <ø> (ø)
ibm_db2	86.29% <ø> (ø)
ibm_i	82.36% <ø> (ø)
ibm_mq	91.31% <ø> (+43.76%)	⬆️
ignite	46.66% <ø> (ø)
impala	97.97% <ø> (ø)
istio	77.86% <ø> (ø)
jboss_wildfly	47.36% <ø> (ø)
kafka	64.70% <ø> (ø)
karpenter	95.06% <ø> (ø)
keda	88.05% <ø> (?)
kube_apiserver_metrics	97.75% <ø> (ø)
kube_controller_manager	97.88% <ø> (ø)
kube_dns	95.94% <ø> (ø)
kube_metrics_server	94.87% <ø> (ø)
kube_proxy	96.80% <ø> (ø)
kube_scheduler	97.92% <ø> (ø)
kubeflow	93.22% <ø> (ø)
kubelet	91.09% <ø> (ø)
kubernetes_cluster_autoscaler	93.22% <ø> (ø)
kubernetes_state	89.49% <ø> (ø)
kubevirt_api	82.75% <ø> (ø)
kubevirt_controller	85.36% <ø> (ø)
kubevirt_handler	91.32% <ø> (ø)
kyototycoon	85.96% <ø> (ø)
kyverno	82.27% <ø> (ø)
lighttpd	83.64% <ø> (ø)
linkerd	84.70% <ø> (ø)
linux_proc_extras	96.20% <ø> (ø)
mapr	82.70% <ø> (ø)
mapreduce	81.99% <ø> (ø)
marathon	83.06% <ø> (ø)
mcache	93.48% <ø> (ø)
mesos_master	89.71% <ø> (ø)
mesos_slave	93.56% <ø> (ø)
milvus	92.30% <ø> (ø)
nagios	89.01% <ø> (ø)
network	80.73% <ø> (-13.05%)	⬇️
nfsstat	95.20% <ø> (ø)
nginx	94.65% <ø> (ø)
nginx_ingress_controller	98.55% <ø> (ø)
nvidia_nim	93.10% <ø> (ø)
nvidia_triton	88.52% <ø> (ø)
openldap	96.33% <ø> (ø)
openmetrics	98.05% <ø> (ø)
openstack	55.11% <ø> (ø)
pgbouncer	91.66% <ø> (ø)
php_fpm	90.45% <ø> (ø)
postfix	88.04% <ø> (ø)
powerdns_recursor	96.65% <ø> (ø)
presto	59.09% <ø> (ø)
process	85.99% <ø> (ø)
prometheus	94.17% <ø> (ø)
proxysql	98.97% <ø> (ø)
pulsar	100.00% <ø> (ø)
quarkus	100.00% <ø> (ø)
rethinkdb	98.27% <ø> (ø)
riak	99.21% <ø> (ø)
riakcs	88.82% <ø> (ø)
silk	93.82% <ø> (ø)
singlestore	90.81% <ø> (ø)
slurm	88.88% <ø> (ø)
snowflake	96.27% <ø> (ø)
solr	56.25% <ø> (ø)
spark	93.17% <ø> (-0.31%)	⬇️
squid	100.00% <ø> (ø)
ssh_check	92.20% <ø> (ø)
statsd	87.36% <ø> (ø)
strimzi	89.78% <ø> (ø)
supabase	93.97% <ø> (?)
supervisord	90.14% <ø> (ø)
system_core	92.52% <ø> (ø)
system_swap	98.30% <ø> (ø)
tcp_check	90.72% <ø> (ø)
tekton	82.30% <ø> (ø)
teleport	98.16% <ø> (ø)
temporal	100.00% <ø> (ø)
teradata	94.27% <ø> (ø)
tibco_ems	91.98% <ø> (ø)
tls	90.24% <ø> (-1.54%)	⬇️
torchserve	97.32% <ø> (ø)
traefik_mesh	76.75% <ø> (ø)
traffic_server	96.13% <ø> (ø)
twemproxy	79.45% <ø> (ø)
twistlock	80.41% <ø> (ø)
varnish	84.22% <ø> (ø)
vllm	93.10% <ø> (ø)
weaviate	76.27% <ø> (ø)
win32_event_log	82.55% <ø> (ø)
wmi_check	97.50% <ø> (ø)
yarn	89.93% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

[dkirov-dd]

lgtm 👍