Grafana linux server vulnerability medium cipher

tchuiselg · June 12, 2018, 6:14pm

Good afternoon,

I have been looking everywhere I hope I will find the answer here,
I have grafana installed on a linux server, I am trying to remediate a 3DES vulnerability but don’t find any conf file to modify can anybody provide me help if it is possible? I am looking for a conf file where I can put the list of accepted ciphers or the place where we can fix it it is due to the web interface on the port 443

jangaraj · June 12, 2018, 7:15pm

No, you can’t configure it in Grafana. Ciphers + all TLS configs are hardcoded:

github.com

grafana/grafana/blob/80d694d205847869cd4bbe5017f85d4cd4d060eb/pkg/api/http_server.go#L137-L154


	tlsCfg := &tls.Config{
		MinVersion:               tls.VersionTLS12,
		PreferServerCipherSuites: true,
		CipherSuites: []uint16{
			tls.TLS_RSA_WITH_AES_128_CBC_SHA,
			tls.TLS_RSA_WITH_AES_256_CBC_SHA,
			tls.TLS_RSA_WITH_AES_128_GCM_SHA256,
			tls.TLS_RSA_WITH_AES_256_GCM_SHA384,
			tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
			tls.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
			tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
			tls.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
			tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
			tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
			tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
			tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
		},
	}

BTW: I don’t see any 3DES cipher ^.

Try to use nginx in front of Grafana and configure ciphers/TLS there.
Related PR: https://github.com/grafana/grafana/pull/7347

I recommend https://github.com/drwetter/testssl.sh for SSL sec. testing.

tchuiselg · June 13, 2018, 12:29pm

Jangaraj,

Thank you for that information, indeed the upgrade fixed the issue.

Best regards,

Topic		Replies	Views
Plans to update the Ciphers in the near future? Configuration observability , configuration	2	602	May 23, 2022
Configuring SSL/TLS settings with Grafana Configuration	1	6475	June 26, 2018
Configure the server to disable support for static key cipher suites Configuration	3	523	December 2, 2022
TLS Handshake error Configuration	0	768	November 30, 2018
Access Denied for the grafana gpg key Installation configuration	9	222	July 18, 2023

Grafana linux server vulnerability medium cipher

Related topics