We have run sslscan against the grpc frontend and have noticed below ciphers are still supported. However these are vulnerable/weak. We have enabled set of safe ciphers to be used by passing the env
variable GRPC_SSL_CIPHER_SUITES. This hasn’t resolved the problem yet.
=========List of vulnerable ciphers============
Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-SHA Curve 25519 DHE 253
Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-SHA Curve 25519 DHE 253
Accepted TLSv1.2 128 bits AES128-GCM-SHA256
Accepted TLSv1.2 256 bits AES256-GCM-SHA384
Accepted TLSv1.2 128 bits AES128-SHA
Accepted TLSv1.2 256 bits AES256-SHA
Accepted TLSv1.2 112 bits TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
Accepted TLSv1.2 112 bits TLS_RSA_WITH_3DES_EDE_CBC_SHA
Can you please help us to get rid of this ciphers.