Check version of SSL/TLS on wazuh server and enable TLS v1.2/1.3

duc do

Sep 12, 2022, 10:32:05 PM
to Wazuh mailing list
Hi all!
I'm really new to using Wazuh.
Yesterday, I used Nessus Tenable to scan the Wazuh server (installed on Ubuntu 20.04).
It shows a result saying that I need to "Enable support for TLS 1.2 and/or 1.3, and disable support for TLS 1.1."

I want to ask how I can check the version of SSL/TLS on my Wazuh server, and how I can enable support for TLS 1.2 and disable support for TLS 1.1 as instructed?

Thanks a lot

Aditya Sharma

Sep 12, 2022, 11:32:00 PM
to Wazuh mailing list
Hi, Thanks for using Wazuh!

Can you please let us know which Wazuh version you are using right now, and whether you are using Elasticsearch/Kibana or OpenSearch (Wazuh-Indexer & Wazuh-Dashboard)?

In your Nessus Tenable scan report, on which port is it showing this vulnerability?

If it is showing on port 443, then you just need to add the below line in your kibana.yml or opensearch_dashboards.yml:

server.ssl.supportedProtocols: ["TLSv1.2", "TLSv1.3"]

This will disable TLS1.1 and enable TLSv1.2 & 1.3 which are the latest versions.

I hope this helps you. Don't hesitate to ask your questions/concerns. We are very happy to help you.

Regards
Aditya Sharma

Bill Justesen

Sep 14, 2022, 7:38:37 AM
to Wazuh mailing list
Awesome! Was just looking to do this but I had listed TLSv1.3 below TLSv1.2 and it just didn't seem to work. Thank you.

Aditya Sharma

Sep 16, 2022, 12:06:27 AM
to Wazuh mailing list
Hi bjustesen,

Glad that worked for you. Please let us know of any questions/concerns. We are very happy to help you.

Regards
Aditya Sharma

ismailctest C

Jan 19, 2023, 10:59:00 AM
to Wazuh mailing list
Hi,
Can anyone share a screenshot after adding the supported line?
Where should this be added in kibana.yml?

ismailctest C

Jan 24, 2023, 12:31:33 AM
to Wazuh mailing list
Hi,
Please support, anyone.

Can anyone share a screenshot after adding the supported line?
Where should this be added in kibana.yml?

Aditya Sharma

Jan 24, 2023, 12:35:27 AM
to ismailctest C, Wazuh mailing list
Hi Ismailctest,

You can add this at the end of the file:

server.ssl.supportedProtocols: ["TLSv1.2", "TLSv1.3"]

And just after adding it, restart the service and see if it is running fine or not.


I hope this helps you.


--
Thanks & Regards
Aditya Sharma

Dayze Sun

May 4, 2023, 3:19:14 PM
to Wazuh mailing list
Hi Aditya,

I'm on version 4.3.9 and I've tried this several different ways to disable TLSv1.0 and 1.1 in opensearch_dashboards.yml on the Wazuh dashboard.

I tried putting each of these after the other server.ssl lines and also at the end of the file. It breaks 443 connections from all browsers.

server.ssl.supportedProtocols: ["TLSv1.2"," TLSv1.3"]

plugins.security.ssl.http.enabled_protocols: ["TLSv1.2"," TLSv1.3"] 
(with and without the space after the double quotes, before TLSv1.3)

Any suggestions greatly appreciated!
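
Added example, not part of the thread and not Wazuh's own tooling: a small check of the `server.ssl.supportedProtocols` line discussed above, which flags entries that are not an exact protocol name (for instance one with a space inside the quotes) and entries that still enable TLS 1.0/1.1. The accepted names are the ones documented for Kibana's setting and are assumed to be the same for opensearch_dashboards.yml; the function name and the sample config text are constructed for illustration.

```python
import json
import re

KEY = "server.ssl.supportedProtocols"
# Names documented for Kibana's setting; assumed to be the same set for
# opensearch_dashboards.yml. An entry has to match one of them exactly.
VALID = ("TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3")
LEGACY = ("TLSv1", "TLSv1.1")
LINE = re.compile(r"^\s*" + re.escape(KEY) + r"\s*:\s*(\[.*\])\s*(#.*)?$")


def check_supported_protocols(config_text):
    """Return a list of findings for the supportedProtocols setting."""
    # Commented-out lines do not match, so they are ignored.
    hits = [m.group(1) for m in map(LINE.match, config_text.splitlines()) if m]
    if not hits:
        return [f"{KEY} is not set as a one-line list"]
    findings = []
    if len(hits) > 1:
        findings.append(f"{KEY} is set {len(hits)} times")
    try:
        # A double-quoted YAML flow list is also valid JSON.
        values = json.loads(hits[-1])
    except ValueError:
        return findings + [f"cannot parse {hits[-1]}"]
    for value in values:
        if not isinstance(value, str):
            findings.append(f"{value!r} is not a string")
        elif value in LEGACY:
            findings.append(f"{value} is enabled (legacy protocol)")
        elif value in VALID:
            continue
        elif value.strip() in VALID:
            findings.append(f"{value!r} has stray whitespace; use {value.strip()!r}")
        else:
            findings.append(f"{value!r} is not a known protocol name")
    return findings


# Constructed sample configs, not taken from a real server.
PADDED = 'server.ssl.enabled: true\nserver.ssl.supportedProtocols: ["TLSv1.2"," TLSv1.3"]\n'
CLEAN = 'server.ssl.enabled: true\nserver.ssl.supportedProtocols: ["TLSv1.2", "TLSv1.3"]\n'
LEGACY_ON = 'server.ssl.supportedProtocols: ["TLSv1.1", "TLSv1.2"]\n'

if __name__ == "__main__":
    for name, text in (("padded", PADDED), ("clean", CLEAN), ("legacy", LEGACY_ON)):
        print(name, check_supported_protocols(text) or "ok")
```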