SSL Medium Strength Cipher Suites Supported (SWEET32) - 3DES


We are facing problems that the vulnerability 3des/des medium strength cipher is present in- redhat linux server located at /etc/crypto-policies/back-ends/opensslcnf.config.If we remove the 3DES from the opensslcnf.config. file will it create any problems with login to the vault UI application? Because if we login to vault UI, it will take us to one login page like the OIDC auth connected page and it will also create any issues while logging to vault URL.

The vulnerability is reported for 8200 port.Is it vulnerable for using medium strength cipher

Note: We got a suggestion, like if any of the applications are running on ssl,Need to rebuild the ssl for the application and Reconfigure the affected application if possible to avoid use of medium strength ciphers.

You need to define the acceptable cipher suites with the tls_cipher_suites parameter, or you can disable TLS1.2 by defining the minimum version as 1.3.

Vault doesn’t control the ciphers used by its client beyond being able to accept or reject them, so if this causes issues for client service connections, you’ll need to address it on the client end not Vault’s.