Our recent vulnerability scan has identified that the remote host on port 8200 supports SSL ciphers offering medium strength encryption. We are running HashiCorp Vault version 13.6 on a Red Hat Linux server.
The HashiCorp Vault documentation (TCP - Listeners - Configuration | Vault | HashiCorp Developer) and (Configure TLS for your Vault TCP listener | Vault | HashiCorp Developer) suggests that configuring `tls_min_version = "tls13"` in the `vault.hcl` configuration file under the `listener` section may mitigate the Sweet32/3DES issue.
Could you please confirm if adding `tls_min_version = "tls13"` in `vault.hcl` is sufficient to address this vulnerability? Additionally, I would appreciate guidance on any other considerations or best practices we should follow to ensure a successful implementation.
Thank you for your assistance.
Best regards,
Rajesh
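
As a pre-change check for the setting asked about above, this added example (not part of the original post and not HashiCorp code) audits the `listener "tcp"` stanzas of a `vault.hcl` file for 3DES exposure. It assumes the listener default for `tls_min_version` is `tls12` and relies on TLS 1.3 defining no 3DES cipher suites; the function name, status labels, addresses and paths are constructed for illustration.

```python
import re

DEFAULT_MIN = "tls12"  # assumption: value in effect when tls_min_version is absent

# Constructed sample config; addresses and file paths are placeholders.
SAMPLE = '''
listener "tcp" {
  address       = "0.0.0.0:8200"
  tls_cert_file = "/etc/vault/tls/vault.crt"
  # tls_min_version = "tls13"
}
listener "tcp" {
  address         = "0.0.0.0:8210"
  tls_min_version = "tls13"
}
listener "tcp" {
  address           = "0.0.0.0:8220"
  tls_min_version   = "tls12"
  tls_cipher_suites = "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_3DES_EDE_CBC_SHA"
}
'''

def audit_listeners(hcl_text):
    """Classify each listener "tcp" stanza by its exposure to 3DES (Sweet32)."""
    results = []
    # Simplification: a stanza ends at the first "}" in column 0.
    for stanza in re.finditer(r'listener\s+"tcp"\s*\{(.*?)\n\}', hcl_text, re.S):
        body = re.sub(r'(?m)^\s*(#|//).*$', '', stanza.group(1))  # drop comment lines
        cfg = dict(re.findall(r'(?m)^\s*(\w+)\s*=\s*"?([^"\n]*?)"?\s*$', body))
        min_version = cfg.get("tls_min_version", DEFAULT_MIN)
        suites = [s.strip() for s in cfg.get("tls_cipher_suites", "").split(",") if s.strip()]
        triple_des = [s for s in suites if "3DES" in s]
        if cfg.get("tls_disable", "false").lower() in ("true", "1"):
            status = "tls-disabled"      # plaintext listener, no TLS at all
        elif min_version == "tls13":
            status = "not-exposed"       # TLS 1.3 defines no 3DES suites
        elif triple_des:
            status = "3des-listed"       # explicitly configured 3DES suite
        elif suites:
            status = "restricted-list"   # explicit list without 3DES
        else:
            status = "rescan-needed"     # TLS <= 1.2 with the build's default suites
        results.append({"address": cfg.get("address", ""), "min": min_version,
                        "status": status, "3des": triple_des})
    return results

if __name__ == "__main__":
    for finding in audit_listeners(SAMPLE):
        print(finding)
```

A `rescan-needed` result means the outcome depends on the cipher suites the Vault build offers for TLS 1.2 and below, so confirm with the scanner after any change.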