I just did a vulnerability scan and got the issue "SSH in Elastic server CBC Mode Ciphers Enabled". This vulnerability was detected on the Kibana server.
I have changed the server.ssl.cipherSuites and server.ssl.supportedProtocols configuration in kibana.yml, but the vulnerability is still detected in the next scan.
Configuration changes I made:
server.ssl.supportedProtocols: ["TLSv1.2", "TLSv1.3"]
server.ssl.cipherSuites: [ECDHE-RSA-AES128-GCM-SHA256 ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-RSA-AES256-GCM-SHA384 ECDHE-ECDSA-AES256-GCM-SHA384 DHE-RSA-AES128-GCM-SHA256 ECDHE-RSA-AES128-SHA256 DHE-RSA-AES128-SHA256 ECDHE-RSA-AES256-SHA384 DHE-RSA-AES256-SHA384 ECDHE-RSA-AES256-SHA256 DHE-RSA-AES256-SHA256 TLS_AES_256_GCM_SHA384 TLS_CHACHA20_POLY1305_SHA256 TLS_AES_128_GCM_SHA256 HIGH !aNULL !eNULL !EXPORT !DES !RC4 !MD5 !PSK !SRP !CAMELLIA]
Is there another way to solve this issue?
Thank you,
Regards,
Septia
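
The `server.ssl.*` settings in the post configure Kibana's TLS listener, while the finding's title names SSH. The check below is an added example, not part of the original post: it assumes the scanner is reporting the host's OpenSSH daemon and that `sshd -T` is available there. The sample output and the function names are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `sshd -T` output (not taken from the original post).
SAMPLE_SSHD_T='port 22
ciphers chacha20-poly1305@openssh.com,aes128-ctr,aes256-ctr,aes128-cbc,3des-cbc,aes256-gcm@openssh.com
macs hmac-sha2-256,hmac-sha2-512'

# Read `sshd -T` output on stdin and print every CBC-mode cipher found on
# the "ciphers" line, one per line. Prints nothing when none are enabled.
list_cbc_ciphers() {
    awk 'tolower($1) == "ciphers" {
            n = split($2, c, ",")
            for (i = 1; i <= n; i++)
                if (c[i] ~ /-cbc$/ || c[i] ~ /-cbc@/) print c[i]
         }'
}

# Read the same input and print a Ciphers directive for sshd_config that
# keeps the effective list in its original order minus the CBC entries.
ciphers_without_cbc() {
    awk 'tolower($1) == "ciphers" {
            n = split($2, c, ","); out = ""
            for (i = 1; i <= n; i++) {
                if (c[i] ~ /-cbc$/ || c[i] ~ /-cbc@/) continue
                out = out (out == "" ? "" : ",") c[i]
            }
            print "Ciphers " out
         }'
}

# Demo on the constructed sample. On the scanned host, run as root:
#   sshd -T | list_cbc_ciphers
printf '%s\n' "$SAMPLE_SSHD_T" | list_cbc_ciphers
printf '%s\n' "$SAMPLE_SSHD_T" | ciphers_without_cbc
```

If `list_cbc_ciphers` prints anything on the real host, the resulting `Ciphers` line goes into `sshd_config`, followed by a restart of sshd and a rescan.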