Our team checked and found that a 3DES or DES medium-strength cipher is present on a Red Hat Linux server, located at /etc/crypto-policies/back-ends/opensslcnf.config.
So, if we remove the “3des” cipherstring parameter, will it have any impact on HashiCorp Vault version 1.12.2?
Go applications such as Vault do not use OpenSSL, so any OpenSSL-specific configuration is irrelevant to Vault.
How to configure the cryptographic settings for Vault? Can we specify somewhere the algorithms to use/not to use?
There are many such places. By default Vault should not be using 3DES anywhere.
Other engines and plugins have their own cryptographic or TLS settings.
The FIPS 140-2 version of Vault Enterprise has these settings locked down further: Vault Enterprise FIPS 140-2 Inside | Vault | HashiCorp Developer
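An added example (not from this thread and not Vault's own code) illustrating the answers above: Go's `crypto/tls` carries its own cipher-suite registry, so what a Go binary can negotiate is decided by the Go build and the application's TLS settings, not by `/etc/crypto-policies`. The function names and the sample suite list are assumptions made for illustration; note that the OpenSSL-style name is simply unknown to Go.

```go
package main

import (
	"crypto/tls"
	"fmt"
	"sort"
	"strings"
)

// Finding is the verdict for one suite name from an operator-supplied list.
type Finding struct {
	Name                       string
	Known, Insecure, TripleDES bool // Known: this Go build implements it; Insecure: Go flags it
}

// goSuites maps every TLS 1.0-1.2 suite built into crypto/tls to Go's insecure flag.
func goSuites() map[string]bool {
	m := map[string]bool{}
	for _, s := range append(tls.CipherSuites(), tls.InsecureCipherSuites()...) {
		m[s.Name] = s.Insecure
	}
	return m
}

// Go3DESSuites lists the 3DES suites compiled into Go, whatever OpenSSL policy says.
func Go3DESSuites() (out []string) {
	for name := range goSuites() {
		if strings.Contains(name, "3DES") {
			out = append(out, name)
		}
	}
	sort.Strings(out)
	return out
}

// AuditSuiteList checks a comma-separated list of suite names against Go's registry.
func AuditSuiteList(list string) (out []Finding) {
	known := goSuites()
	for _, name := range strings.FieldsFunc(list, func(r rune) bool { return r == ',' || r == ' ' }) {
		insecure, ok := known[name]
		out = append(out, Finding{name, ok, insecure, ok && strings.Contains(name, "3DES")})
	}
	return out
}

func main() {
	// Constructed sample: one Go (IANA-style) 3DES name and one OpenSSL-style name.
	fmt.Println(Go3DESSuites(), AuditSuiteList("TLS_RSA_WITH_3DES_EDE_CBC_SHA, DES-CBC3-SHA"))
}
```

The `Insecure` value reflects the Go toolchain the binary was built with, so run the check with the same Go version as the service being audited.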
I have one query about this 3DES. If we remove 3DES from the opensslcnf.config file, will it create any problems with logging in to the Vault UI application? Because when we log in to the Vault UI, it takes us to a login page like the OIDC auth connected page, and will it also create any issues while logging in to the Vault URL?
Note: We got a suggestion that if any application is running on SSL, we need to rebuild the SSL for the application.