How do I disable the following cipher suites?
- TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
- TLS_RSA_WITH_3DES_EDE_CBC_SHA
I presume the software you’re asking about (which is obscured from this report) is from the Ubuntu archive, or you wouldn’t have asked here.
In which case, the Ubuntu Security Team has already patched this.
This appears to be a security tool that only checks version numbers and does not consider distribution patches. A tale as old as time.
It was installed from the snap store.
Right now, I temporarily removed microk8s and it fixed the scans.
Ah, if it’s the microk8s snap then take a look at https://microk8s.io/docs/how-to-cis-harden
The snap contains addons for enabling this cis-hardening.
microk8s enable cis-hardening
Check 1.2.31 covers both of your examples: TLS_RSA_WITH_3DES_EDE_CBC_SHA and TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA.
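A local check to go with the answer above, as an added example that is not part of the original thread or of microk8s: it reads a kube-apiserver args file and lists any 3DES suites set in `--tls-cipher-suites`. The args-file location is not given in the thread, so the functions take the path as a parameter; the function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a kube-apiserver args file for the 3DES suites named in the thread.

# Print the value of --tls-cipher-suites from an args file with one flag per
# line ("--flag=value" or "--flag value"). Prints an empty line if the flag is unset.
cipher_suites_from_args() {
    awk '
        /^[ \t]*--tls-cipher-suites([ \t=]|$)/ {
            sub(/^[ \t]*--tls-cipher-suites[ \t=]*/, "")
            gsub(/[" \t]/, "")          # drop quoting and stray whitespace
            value = $0                  # last occurrence wins
        }
        END { print value }
    ' "$1"
}

# Print each configured suite that uses 3DES, one per line.
# Exit status: 0 = flag set, no 3DES; 1 = 3DES suite configured; 2 = flag not set,
# so the cipher list is whatever the apiserver build defaults to.
weak_3des_suites() {
    suites=$(cipher_suites_from_args "$1")
    [ -n "$suites" ] || return 2
    found=$(printf '%s\n' "$suites" | tr ',' '\n' | grep '3DES_EDE' || true)
    [ -z "$found" ] && return 0
    printf '%s\n' "$found"
    return 1
}

# Constructed sample args file (not taken from a real cluster).
sample=$(mktemp)
cat > "$sample" <<'EOF'
--secure-port=6443
--tls-cipher-suites=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,TLS_RSA_WITH_3DES_EDE_CBC_SHA
EOF
weak_3des_suites "$sample" || echo "exit status $? (1 = 3DES configured, 2 = flag unset)"
rm -f "$sample"
```

Run it against the apiserver args file before and after enabling the addon; a scanner finding that persists after the function returns 0 points at a different listener than the apiserver.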