Insecure TLS 1.2 ciphers


Nataliia

Mar 22, 2023, 10:54:40 AM
to Wazuh mailing list
Hello,

Our vulnerability scanner found that the Wazuh dashboard server has the following vulnerability:

Negotiated with the following insecure cipher suites: TLS 1.2 ciphers:
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_AES_128_CBC_SHA256
TLS_RSA_WITH_AES_128_CCM
TLS_RSA_WITH_AES_128_CCM_8
TLS_RSA_WITH_AES_128_GCM_SHA256
TLS_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_AES_256_CBC_SHA256
TLS_RSA_WITH_AES_256_CCM
TLS_RSA_WITH_AES_256_CCM_8
TLS_RSA_WITH_AES_256_GCM_SHA384
TLS_RSA_WITH_ARIA_128_GCM_SHA256
TLS_RSA_WITH_ARIA_256_GCM_SHA384

How can I disable these insecure TLS 1.2 ciphers and leave only secure TLS 1.2 ciphers?

Obinna Uchubilo

Mar 22, 2023, 11:16:35 AM
to Wazuh mailing list
Hello Nataliia,

For Wazuh indexer/dashboard:
You'll need to modify /etc/wazuh-indexer/opensearch.yml and add the following configuration block:

plugins.security.ssl.http.enabled_ciphers:
  - "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"
  - "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"
  - "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"
  - "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"
plugins.security.ssl.http.enabled_protocols:
  - "TLSv1.2"
plugins.security.ssl.transport.enabled_protocols:
  - "TLSv1.2"

And then restart the service to apply the changes:
systemctl restart wazuh-indexer

Then, it is necessary to add the following line to your /etc/wazuh-dashboard/opensearch_dashboards.yml
server.ssl.supportedProtocols: ["TLSv1.2"]

And then restart the service to apply the changes:
systemctl restart wazuh-dashboard

Hope this information helps.

Regards
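As an added check, not part of this thread or of Wazuh/OpenSearch itself: the script below parses the settings blocks shown in the reply above (a constructed copy; it handles only the flat key/list shape these two files use, not full YAML) and flags any enabled suite whose IANA name lacks forward secrecy (the static-RSA TLS_RSA_WITH_* suites the scanner listed) or a non-AEAD (CBC) cipher, plus any legacy protocol left in either protocol list.

```python
import re

# Constructed copy of the indexer settings from the reply above, not a live file.
INDEXER_YML = """
plugins.security.ssl.http.enabled_ciphers:
  - "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"
  - "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"
  - "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"
  - "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"
plugins.security.ssl.http.enabled_protocols:
  - "TLSv1.2"
"""
LEGACY_PROTOCOLS = ("SSLv3", "TLSv1", "TLSv1.1")
AEAD_TAGS = ("_GCM_", "_CCM", "CHACHA20_POLY1305")

def parse_lists(text):
    """Parse the flat 'key:' + '- item' or 'key: [a, b]' shape used in these two files."""
    result, current = {}, None
    for line in text.splitlines():
        key = re.match(r"^(\S+):\s*(\[.*\])?\s*$", line)
        item = re.match(r"^\s+-\s*(.+?)\s*$", line)
        if key:
            current, inline = key.group(1), key.group(2)
            items = inline[1:-1].split(",") if inline else []
            result[current] = [s.strip().strip("\"'") for s in items if s.strip()]
        elif item and current:
            result[current].append(item.group(1).strip("\"'"))
    return result

def suite_problems(name):
    """Why an IANA TLS 1.2 suite name is weak; an empty list means it is acceptable."""
    problems = []
    kx, _, cipher = name.partition("_WITH_")
    # Static RSA key exchange (TLS_RSA_WITH_*): a leaked server key decrypts recorded sessions.
    if not kx.startswith(("TLS_ECDHE_", "TLS_DHE_")):
        problems.append("no forward secrecy (key exchange %s)" % kx[len("TLS_"):])
    # CBC suites are MAC-then-encrypt with a history of padding-oracle weaknesses.
    if not any(tag in cipher for tag in AEAD_TAGS):
        problems.append("not an AEAD cipher (%s)" % cipher)
    return problems

def lint(config):
    """Map each offending suite or protocol key to its problems; {} means the config passes."""
    suites = config.get("plugins.security.ssl.http.enabled_ciphers", [])
    findings = {s: suite_problems(s) for s in suites if suite_problems(s)}
    for key in ("plugins.security.ssl.http.enabled_protocols", "server.ssl.supportedProtocols"):
        legacy = [p for p in config.get(key, []) if p in LEGACY_PROTOCOLS]
        if legacy:
            findings[key] = ["legacy protocol(s) enabled: " + ", ".join(legacy)]
    return findings
```

Run `lint(parse_lists(open("/etc/wazuh-indexer/opensearch.yml").read()))` on the real file after editing it; an empty result means nothing the scanner flagged can be negotiated by configuration.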

Nataliia

Mar 22, 2023, 11:48:34 AM
to Wazuh mailing list
Hi Obinna,

The following lines had already been added to /etc/wazuh-indexer/opensearch.yml:

plugins.security.ssl.http.enabled_ciphers:
  - "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"
  - "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"
  - "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"
  - "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"
plugins.security.ssl.http.enabled_protocols:
  - "TLSv1.2"

And I had earlier added the following line to /etc/wazuh-dashboard/opensearch_dashboards.yml:
server.ssl.supportedProtocols: ["TLSv1.2"]

Then I added the following lines to /etc/wazuh-indexer/opensearch.yml:

plugins.security.ssl.transport.enabled_protocols:
  - "TLSv1.2"

But this caused an error when I try to open the Wazuh Dashboard GUI:

On Wednesday, March 22, 2023 at 17:16:35 UTC+2 Obinna Uchubilo wrote:

Obinna Uchubilo

Mar 22, 2023, 12:04:40 PM
to Wazuh mailing list
Hi,

Can you revert to the previous configuration? 

Then try making the changes one step at a time, to confirm what exact change leads to the error.

Regards 
