Need TLS_Cipher suites configuration file for vault


We have got Vulnerability "SSL medium strength Cipher suites Supported (SWEET32) " for our Linux Machines.

  1. Which config file we need to update the TLS cipher suites for Vault?

  2. Will hardening the systems by updating/disabling the TLS lower version Cipher suites will cause any issues to vault ?

Can anyone clarify this? How to mitigate this vulnerability in vault.

Jayasri Ravichandran

Please refer to the documentation: TCP - Listeners - Configuration | Vault | HashiCorp Developer

Hi Max,

Thanks for the Response.

I have gone through the Link which you have provided, But TCPListeners parameter is in the vault’s hcl configuration file?

Is it really possible that if update the Cipher suites or MIn and Max TLS version parameters will that work?

Thanks & Regards,
Jayasri Ravichandran