SSL Medium Strength Cipher Suites Supported (SWEET32)

rajesh.dey · April 4, 2023, 12:59pm

Hi,
We are facing vulnerability in our vault linux server (SSL Medium Strength Cipher Suites Supported (SWEET32) ).We are not seeing any 3DES cipher suites used in our vault but the below vulnerability is occurred and not able to fix it. Vault is using TLS 1.2 and higher version.

[ ~]# netstat -tulnp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:8200 0.0.0.0:* LISTEN 3050065/vault

[~]# ps 3050065
PID TTY STAT TIME COMMAND
3050065 ? Ssl 187:46 /usr/bin/vault server -config=/etc/vault.d/vault.hcl

      Can anyone guide us how can we resolve this issue?

Thanks and Regards,
Rajesh Dey

macmiranda · April 4, 2023, 3:53pm

Does this help?

rajesh.dey · April 5, 2023, 5:37am

we have already checked this link and vault is using the high cipher suites. Should we need to add the parameters Cipher suites and Min TLS version in the Vault HCL configuration file?

will that solve SSL vulnerability?

Topic		Replies	Views
Need TLS_Cipher suites configuration file for vault Vault	2	497	March 21, 2023
AS per vulnerabilities scanning report ..SSL Medium Strength Cipher Suites Supported (SWEET32) on port 8200 hashicorp Vault Vault	0	29	July 15, 2024
SSL Medium Strength Cipher Suites Supported (SWEET32) - 3DES Vault	1	748	September 6, 2023
#3des medium strength cipher present in Linux server where vault is installed Vault	4	358	September 1, 2023
Vault agent listener tls_cipher_suites Vault	0	24	July 12, 2024

SSL Medium Strength Cipher Suites Supported (SWEET32)

Related topics