Hello!
I’m trying to configure explicit TLS cipher suites supported by a Vault agent but get an exception saying it’s an unsupported argument. The docs suggest that any listener-related config would be supported; however, I’m not able to get tls_cipher_suites to work.
Details:
- vault client version: 1.13.12
- relevant config:
{
  "listener": [
    {
      "address": "node-a:8100",
      "tls_cert_file": "/etc/vault.d/cert.pem",
      "tls_cipher_suites": "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
      "tls_key_file": "/etc/vault.d/cert.pem",
      "type": "tcp"
    }
  ]
}
- error:
Started HashiCorp Vault - agent service for accessing vault secrets.
==> Note: Vault Agent version does not match Vault server version. Vault Agent version: 1.13.12, Vault server version: 1.13.3
==> Vault Agent started! Log data will stream in below:
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x40 pc=0x19de4de]
goroutine 1 [running]:
github.com/hashicorp/vault/internalshared/listenerutil.TLSConfig(0xc0021f2800, 0xc001d5efb8?, {0x0, 0x0})
/home/runner/work/vault/vault/internalshared/listenerutil/listener.go:151 +0xc7e
github.com/hashicorp/vault/command/agent/cache.StartListener(0xc0021f2800)
/home/runner/work/vault/vault/command/agent/cache/listener.go:66 +0x310
github.com/hashicorp/vault/command.(*AgentCommand).Run(0xc0020f5320, {0xc00012c060, 0x2, 0x2})
/home/runner/work/vault/vault/command/agent.go:695 +0x39e5
github.com/mitchellh/cli.(*CLI).Run(0xc0021c8000)
/home/runner/go/pkg/mod/github.com/mitchellh/cli@v1.1.5/cli.go:262 +0x5f8
github.com/hashicorp/vault/command.RunCustom({0xc00012c050?, 0x3?, 0x3?}, 0xc0000061a0?)
/home/runner/work/vault/vault/command/main.go:238 +0xa65
github.com/hashicorp/vault/command.Run(...)
/home/runner/work/vault/vault/command/main.go:142
main.main()
/home/runner/work/vault/vault/main.go:16 +0x50
vault.service: Main process exited, code=exited, status=2/INVALIDARGUMENT
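
An added example, not part of the original post and not Vault's own code: a standalone Go check that takes the tls_cipher_suites value from the config above and reports, for each name, whether Go's crypto/tls implements it, whether Go lists it as insecure, and whether it is an AEAD suite. The names `Finding`, `AuditSuites` and `postSuites` are hypothetical, and it assumes the configured names use Go's crypto/tls spelling.

```go
package main

import (
	"crypto/tls"
	"fmt"
	"strings"
)

// Finding describes one configured suite name (hypothetical type for this example).
type Finding struct {
	Name                  string
	Known, Insecure, AEAD bool
}

// postSuites is the tls_cipher_suites value copied from the config in the post.
const postSuites = "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"

// AuditSuites checks each name in a comma-separated tls_cipher_suites value
// against the suites Go's crypto/tls implements. Assumption: names use Go's spelling.
func AuditSuites(csv string) []Finding {
	insecure := map[string]bool{} // suite name -> listed by Go as insecure
	for _, s := range tls.CipherSuites() {
		insecure[s.Name] = false
	}
	for _, s := range tls.InsecureCipherSuites() {
		insecure[s.Name] = true
	}
	var out []Finding
	for _, raw := range strings.Split(csv, ",") {
		name := strings.TrimSpace(raw)
		if name == "" {
			continue // tolerate trailing commas and empty values
		}
		bad, known := insecure[name]
		// AEAD suites in crypto/tls are the GCM and ChaCha20-Poly1305 ones.
		aead := strings.Contains(name, "_GCM_") || strings.Contains(name, "CHACHA20_POLY1305")
		out = append(out, Finding{Name: name, Known: known, Insecure: bad, AEAD: known && aead})
	}
	return out
}

func main() {
	for _, f := range AuditSuites(postSuites) {
		fmt.Printf("%-45s known=%-5t insecure=%-5t aead=%t\n", f.Name, f.Known, f.Insecure, f.AEAD)
	}
}
```

A name reported as `known=false` is one Go's TLS stack does not implement, so it is worth catching before the service is restarted with the new listener config.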