List supported Cipher Suites in Kong Gateway using kubectl

When working with data transportation (integration), you sometimes need to check the support for some obscure cipher suite that only works with machines from the 60’s 🙂 Here is one way to do that:

# Get the name of a Kong Gateway pod, here in the namespace "kong"
> kubectl get pods -n kong

...
kong-gateway-abcdef
...

# List cipher suites supported by the pod
> kubectl -n kong exec -it kong-gateway-abcdef -- openssl ciphers -v

Defaulted container "proxy" out of: proxy, clear-stale-pid (init)
TLS_AES_256_GCM_SHA384         TLSv1.3 Kx=any  Au=any   Enc=AESGCM(256)            Mac=AEAD
TLS_CHACHA20_POLY1305_SHA256   TLSv1.3 Kx=any  Au=any   Enc=CHACHA20/POLY1305(256) Mac=AEAD
TLS_AES_128_GCM_SHA256         TLSv1.3 Kx=any  Au=any   Enc=AESGCM(128)            Mac=AEAD
ECDHE-ECDSA-AES256-GCM-SHA384  TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(256)            Mac=AEAD
ECDHE-RSA-AES256-GCM-SHA384    TLSv1.2 Kx=ECDH Au=RSA   Enc=AESGCM(256)            Mac=AEAD
DHE-RSA-AES256-GCM-SHA384      TLSv1.2 Kx=DH   Au=RSA   Enc=AESGCM(256)            Mac=AEAD
ECDHE-ECDSA-CHACHA20-POLY1305  TLSv1.2 Kx=ECDH Au=ECDSA Enc=CHACHA20/POLY1305(256) Mac=AEAD
...

Tested on Kubernetes v1.29.15, kubectl v1.27, OpenSSL v3.0.30 and OSX v15.6.1.
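
To check for one specific suite instead of reading the whole listing, the output can be filtered. This is an added example, not from the original post: the function names (`cipher_info`, `non_aead_ciphers`, `sample_output`) and the sample listing are constructed for illustration, and the parsing assumes the six-column `openssl ciphers -v` format shown above.

```shell
#!/bin/sh
# Added example: filter `openssl ciphers -v` output read from stdin.
# Function names and sample data are constructed for illustration.

# Constructed sample in the same format as the listing above. The last
# line is a legacy (non-AEAD) entry included to exercise the second filter.
sample_output() {
cat <<'EOF'
Defaulted container "proxy" out of: proxy, clear-stale-pid (init)
TLS_AES_256_GCM_SHA384         TLSv1.3 Kx=any  Au=any   Enc=AESGCM(256)            Mac=AEAD
ECDHE-RSA-AES256-GCM-SHA384    TLSv1.2 Kx=ECDH Au=RSA   Enc=AESGCM(256)            Mac=AEAD
AES128-SHA                     SSLv3   Kx=RSA  Au=RSA   Enc=AES(128)               Mac=SHA1
EOF
}

# Print "name protocol kx auth enc mac" for exactly one suite name.
# Exit status is 1 when the suite is not in the listing.
cipher_info() {
  # tr strips the carriage returns a TTY (kubectl exec -t) adds to each line.
  tr -d '\r' | awk -v want="$1" '
    $1 == want && NF == 6 {
      for (i = 3; i <= 6; i++) sub(/^[A-Za-z]+=/, "", $i)
      print $1, $2, $3, $4, $5, $6
      found = 1
    }
    END { exit !found }'
}

# List name and protocol of every suite whose MAC column is not AEAD,
# i.e. the older CBC/stream suites that usually deserve a second look.
non_aead_ciphers() {
  tr -d '\r' |
    awk 'NF == 6 && $6 ~ /^Mac=/ && $6 != "Mac=AEAD" { print $1, $2 }'
}

# Demo on the constructed sample. Against a cluster, pipe in
#   kubectl -n kong exec kong-gateway-abcdef -- openssl ciphers -v
# instead (without -it, so no TTY is allocated).
sample_output | cipher_info ECDHE-RSA-AES256-GCM-SHA384
sample_output | cipher_info RC4-MD5 || echo "RC4-MD5: not listed"
sample_output | non_aead_ciphers
```

`openssl ciphers -v` reports what the OpenSSL build in the container supports; which suites the Kong listener actually offers to clients also depends on its TLS configuration.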
