Configure the server to disable support for static key cipher suites

  • What Grafana version and what operating system are you using?
    Grafana Version 8.2.5
  • What are you trying to achieve?
    Trying to configure the server to disable support for static key cipher suites
  • How are you trying to achieve it?
    I have tried setting

tls_min_version = tls13

tls_min_version = tls1.3

  • What happened?

However scans still show up that insecure cipher suites: TLS 1.2 ciphers are being used.

  • What did you expect to happen?
    I expected to be able to disable support for static key ciphers.

  • Did you receive any errors in the Grafana UI or in related logs? If so, please tell us exactly what they were.

  • Did you follow any online instructions? If so, what is the URL?
    Configure Grafana | Grafana documentation

welcome to the :grafana: forum, @naoh

I dont see tls_min_version listed in our config documentation. I do see something like that in the Loki code, however:

Hi, I do not want to configure it on Loki, i read documentation that it is hard-coded in Grafana itself. Can I configure it for Grafana in defaults.ini?

Grafana doesn’t expose TLS configuration - you can’t configure any TLS settings in Grafana. Use reverse proxy e. g. Nginx in front of Grafana and configure desired TLS configuration (min/max tls version, ciohers) there.