How to disable TLS Version 1.1 Protocol Deprecated.

[azizi hack]

Hello experts,

I've installed the latest Wazuh 4.3.7 on Ubuntu 22.04 running without any issue.

Unfortunately, our Tenable IO scanner has flagged that TLS Version 1.1 Protocol Deprecated.

Any idea on how to disable this old cipher?

Thank you.

[Federico Rodriguez]

Hi!

For wazuh-indexer, these settings can be modified as per this documentation:

https://opensearch.org/docs/latest/security-plugin/configuration/tls/#advanced-enabled-ciphers-and-protocols
https://opensearch.org/docs/latest/troubleshoot/tls/#tls-versions

For wazuh-dashboard, be aware that it does not support TLS v1.3 yet, there is already an issue asking to add this support:

https://github.com/opensearch-project/OpenSearch-Dashboards/issues/838

Keep in mind if you set up wazuh-indexer to use TLS 1.3 it won't work with wazuh-dashboards.

Hope it helps!

[azizi hack]

Hi Federico,

Thank you. appreciate the response. 

i just add this line :

vi /etc/wazuh-dashboard/opensearch_dashboards.yml

server.ssl.supportedProtocols: ["TLSv1.2"]

Hope this would work.