encryption-and-tls-infrastructure-model

Status: IN

OpenShift enforces encryption at multiple layers: four TLS security profile types (Old/Intermediate/Modern/Custom) govern API and route encryption, IPsec uses AES-GCM-16-256 in Transport mode for pod-to-pod encryption on OVN-Kubernetes, and SAN fields have been mandatory in HTTPS certificates since OCP 4.10. Together these create defense-in-depth from certificate validation through transport encryption.

Justifications

Four base beliefs about TLS/IPsec/certificates combine into a layered encryption model

Depends on (SL): ocp-tls-four-profile-types, ipsec-cipher-aes-gcm-16-256, ipsec-pod-to-pod-transport-mode, ocp-410-san-certificate-requirement

Depended on by
