SSL Medium Strength Cipher Suites Supported (SWEET32) - 3DES

Hi,

We are facing a problem: the 3DES/DES medium-strength cipher vulnerability is reported on a Red Hat Linux server, located at /etc/crypto-policies/back-ends/opensslcnf.config. If we remove 3DES from the opensslcnf.config file, will it create any problems with logging in to the Vault UI application? Because when we log in to the Vault UI, it takes us to a login page like the OIDC auth connected page, and will it also create any issues while logging in to the Vault URL?

The vulnerability is reported for port 8200. Is it vulnerable for using a medium-strength cipher?

Note: We got a suggestion that if any of the applications are running on SSL, we need to rebuild the SSL for the application and reconfigure the affected application, if possible, to avoid the use of medium-strength ciphers.

You need to define the acceptable cipher suites with the tls_cipher_suites parameter, or you can disable TLS 1.2 by defining the minimum version as 1.3.

Vault doesn’t control the ciphers used by its clients beyond being able to accept or reject them, so if this causes issues for client service connections, you’ll need to address it on the client end, not Vault’s.
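As an added example (not from either post above), here is what the two options from the answer look like in a Vault `listener "tcp"` stanza for port 8200. Vault is a Go binary and negotiates TLS with Go's own TLS stack, so the system-wide `/etc/crypto-policies/back-ends/opensslcnf.config` does not govern what the Vault listener offers; the listener stanza in Vault's own server config does. The certificate and key paths are assumptions for illustration.

```hcl
# Added example: Vault "tcp" listener on port 8200 hardened against SWEET32.
# The cert/key paths are placeholders; use your own.
listener "tcp" {
  address       = "0.0.0.0:8200"
  tls_cert_file = "/etc/vault.d/vault.crt"
  tls_key_file  = "/etc/vault.d/vault.key"

  # Option 1 (simplest): accept only TLS 1.3. TLS 1.3 has no 3DES or other
  # CBC suites at all, and tls_cipher_suites is not consulted for it.
  # Uncomment this and drop tls_cipher_suites below if every client
  # (browsers for the UI, OIDC redirects, API consumers) speaks TLS 1.3.
  # tls_min_version = "tls13"

  # Option 2: keep TLS 1.2 for older clients, but limit the TLS 1.2 suites
  # to forward-secret AEAD suites. No 3DES, no CBC, so nothing the
  # SWEET32 check flags remains on offer.
  tls_min_version   = "tls12"
  tls_cipher_suites = join(",", [
    "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
    "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
    "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305",
    "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305",
  ])
}
```

Note that `tls_cipher_suites` is a plain comma-separated string in Vault's config; the `join()` form above is only to keep the list readable, and if your Vault version does not evaluate HCL functions in the server config, write the suites as one comma-separated string literal instead. Listener TLS settings take effect on a Vault restart. After restarting, rerun the same scanner that reported the finding against port 8200 to confirm the medium-strength suites are gone, and test a UI login through the OIDC flow, since the browser and the OIDC provider's redirects are the clients most likely to notice a tightened listener.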