I’m trying to get HTTPS working on the prometheus API. I got HTTPS working and also authentication working.
But a vuln scan on the API shows that weak ciphers are enabled. This seems to be because the GO defaults are very weak, which I find annoying considering it’s 2022.
Anyhow, I’ve looked at the documentation for setting the cipher and can’t seem to get it right.
Does anyone know how to configure the line in the web.yml file to do this?
The documentation shows:
# List of supported cipher suites for TLS versions up to TLS 1.2. If empty, # Go default cipher suites are used. Available cipher suites are documented # in the go documentation: # https://golang.org/pkg/crypto/tls/#pkg-constants [ cipher_suites: [ - <string> ] ] So i tried: cipher_suites: [ TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA ] I also tried: [ cipher_suites: [ TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA ] ] but prometheus won't start.