openconfig / gnmic

gNMIc is a gNMI CLI client and collector
https://gnmic.openconfig.net
Apache License 2.0

can get response when using a disabled cipher #507

Closed adumitran-dn closed 4 weeks ago

adumitran-dn commented 4 weeks ago
  1. have a list of enabled ciphers
    TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (enabled)
    TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (enabled)
    TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (enabled)

same from nmap:

PORT      STATE SERVICE
50051/tcp open  unknown
| ssl-enum-ciphers:
|   TLSv1.2:
|     ciphers:
|       TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (rsa 2048) - A
|       TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (rsa 2048) - A
|       TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (rsa 2048) - A
|     compressors:
|       NULL
|     cipher preference: client
|_  least strength: A
  2. disable some of them
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (disabled)
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (disabled)
TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (enabled)

same from nmap:

PORT      STATE SERVICE
50051/tcp open  unknown
| ssl-enum-ciphers:
|   TLSv1.2:
|     ciphers:
|       TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (rsa 2048) - A
|     compressors:
|       NULL
|     cipher preference: indeterminate
|     cipher preference error: Too few ciphers supported
|_  least strength: A
  3. try gnmic get using a disabled cipher. We receive an answer and we should not.
$ gnmic get --path drivenets-top/system/oper-items/system-info --target target1 --config target2.yaml --debug
2024/08/14 13:04:51.506882 /home/runner/work/gnmic/gnmic/app/app.go:216: [gnmic] version=0.28.0, commit=8315400, date=2022-12-07T17:02:16Z, gitURL=https://github.com/openconfig/gnmic, docs=https://gnmic.openconfig.net
2024/08/14 13:04:51.506934 /home/runner/work/gnmic/gnmic/app/app.go:221: [gnmic] using config file "target2.yaml"
2024/08/14 13:04:51.512332 /home/runner/work/gnmic/gnmic/app/app.go:259: [gnmic] set flags/config:
address: []
api: ""
capabilities-version: false
cluster-name: default-cluster
config: target2.yaml
debug: true
diff-compare: []
diff-model: []
diff-path: []
diff-prefix: ""
diff-qos: "0"
diff-ref: ""
diff-sub: false
diff-target: ""
diff-type: ALL
dir: []
encoding: json
exclude: []
file: []
format: ""
generate-camel-case: false
generate-config-only: false
generate-path: ""
generate-snake-case: false
get-model: []
get-path:
- drivenets-top/system/oper-items/system-info
get-prefix: ""
get-processor: []
get-target: target1
get-type: ALL
get-values-only: false
getset-condition: any([true])
getset-delete: ""
getset-get: ""
getset-model: []
getset-prefix: ""
getset-replace: ""
getset-target: ""
getset-type: ALL
getset-update: ""
getset-value: ""
gzip: false
insecure: false
instance-name: ""
listen-max-concurrent-streams: "256"
listen-prometheus-address: ""
log: true
log-file: ""
log-tls-secret: false
max-msg-size: 536870912
no-prefix: false
password: ""
path-config-only: false
path-descr: false
path-path-type: xpath
path-search: false
path-state-only: false
path-types: false
path-with-non-leaves: false
path-with-prefix: false
port: "57400"
print-request: false
prompt-description-bg-color: dark_gray
prompt-description-with-prefix: false
prompt-description-with-types: false
prompt-max-suggestions: "10"
prompt-prefix-color: dark_blue
prompt-suggest-all-flags: false
prompt-suggest-with-origin: false
prompt-suggestions-bg-color: dark_blue
proto-dir: []
proto-file: []
proxy-from-env: false
retry: 10s
set-delete: []
set-delimiter: ':::'
set-dry-run: false
set-prefix: ""
set-replace: []
set-replace-file: []
set-replace-path: []
set-replace-value: []
set-request-file: []
set-request-replace: []
set-request-update: []
set-request-vars: ""
set-target: ""
set-update: []
set-update-file: []
set-update-path: []
set-update-value: []
skip-verify: false
subscribe-backoff: 0s
subscribe-heartbeat-interval: 0s
subscribe-history-end: ""
subscribe-history-snapshot: ""
subscribe-history-start: ""
subscribe-lock-retry: 5s
subscribe-mode: stream
subscribe-model: []
subscribe-name: []
subscribe-output: []
subscribe-path: []
subscribe-prefix: ""
subscribe-qos: "0"
subscribe-quiet: false
subscribe-sample-interval: 0s
subscribe-set-target: false
subscribe-stream-mode: target-defined
subscribe-suppress-redundant: false
subscribe-target: ""
subscribe-updates-only: false
subscribe-watch-config: false
targets:
  target1:
    address: 10.51.0.24:50051
    cipher-suites:
    - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
    get-path: drivenets-top/system/oper-items/system-info
    insecure: false
    password: dnroot
    tls-ca: SA.crt
    username: dnroot
targets-file: ""
timeout: 10s
tls-ca: ""
tls-cert: ""
tls-key: ""
tls-max-version: ""
tls-min-version: ""
tls-version: ""
token: ""
upgrade-use-pkg: false
use-tunnel-server: false
username: ""

2024/08/14 13:04:51.516828 /home/runner/work/gnmic/gnmic/app/app.go:269: [gnmic] config='target2.yaml'(string)
2024/08/14 13:04:51.516859 /home/runner/work/gnmic/gnmic/app/app.go:269: [gnmic] debug='true'(bool)
2024/08/14 13:04:51.516914 /home/runner/work/gnmic/gnmic/app/app.go:269: [gnmic] get-path='[drivenets-top/system/oper-items/system-info]'([]string)
2024/08/14 13:04:51.516929 /home/runner/work/gnmic/gnmic/app/app.go:269: [gnmic] get-target='target1'(string)
2024/08/14 13:04:51.519795 /home/runner/work/gnmic/gnmic/app/app.go:269: [gnmic] targets/target1/address='10.51.0.24:50051'(string)
2024/08/14 13:04:51.520133 /home/runner/work/gnmic/gnmic/app/app.go:269: [gnmic] targets/target1/cipher-suites='[TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256]'([]interface {})
2024/08/14 13:04:51.520440 /home/runner/work/gnmic/gnmic/app/app.go:269: [gnmic] targets/target1/get-path='drivenets-top/system/oper-items/system-info'(string)
2024/08/14 13:04:51.520745 /home/runner/work/gnmic/gnmic/app/app.go:269: [gnmic] targets/target1/insecure='false'(bool)
2024/08/14 13:04:51.521056 /home/runner/work/gnmic/gnmic/app/app.go:269: [gnmic] targets/target1/password='dnroot'(string)
2024/08/14 13:04:51.529460 /home/runner/work/gnmic/gnmic/app/app.go:269: [gnmic] targets/target1/tls-ca='SA.crt'(string)
2024/08/14 13:04:51.529789 /home/runner/work/gnmic/gnmic/app/app.go:269: [gnmic] targets/target1/username='dnroot'(string)
2024/08/14 13:04:51.529838 /home/runner/work/gnmic/gnmic/config/config.go:364: [config] cmd=get, flagName=help, changed=false, isSetInFile=false
2024/08/14 13:04:51.529863 /home/runner/work/gnmic/gnmic/config/config.go:364: [config] cmd=get, flagName=model, changed=false, isSetInFile=false
2024/08/14 13:04:51.529890 /home/runner/work/gnmic/gnmic/config/config.go:364: [config] cmd=get, flagName=path, changed=true, isSetInFile=true
2024/08/14 13:04:51.529904 /home/runner/work/gnmic/gnmic/config/config.go:364: [config] cmd=get, flagName=prefix, changed=false, isSetInFile=false
2024/08/14 13:04:51.529917 /home/runner/work/gnmic/gnmic/config/config.go:364: [config] cmd=get, flagName=processor, changed=false, isSetInFile=false
2024/08/14 13:04:51.529934 /home/runner/work/gnmic/gnmic/config/config.go:364: [config] cmd=get, flagName=target, changed=true, isSetInFile=true
2024/08/14 13:04:51.529946 /home/runner/work/gnmic/gnmic/config/config.go:364: [config] cmd=get, flagName=type, changed=false, isSetInFile=false
2024/08/14 13:04:51.529962 /home/runner/work/gnmic/gnmic/config/config.go:364: [config] cmd=get, flagName=values-only, changed=false, isSetInFile=false
2024/08/14 13:04:51.530481 /home/runner/work/gnmic/gnmic/config/targets.go:101: [config] read target config: {"name":"target1","address":"10.51.0.24:50051","username":"dnroot","password":"****","timeout":10000000000,"insecure":false,"tls-ca":"SA.crt","tls-cert":"","tls-key":"","skip-verify":false,"buffer-size":100,"retry-timer":10000000000,"log-tls-secret":false,"gzip":false,"token":""}
2024/08/14 13:04:51.530708 /home/runner/work/gnmic/gnmic/config/targets.go:123: [config] targets: map[target1:{"name":"target1","address":"10.51.0.24:50051","username":"dnroot","password":"****","timeout":10000000000,"insecure":false,"tls-ca":"/home/dn/SA.crt","tls-cert":"","tls-key":"","skip-verify":false,"buffer-size":100,"retry-timer":10000000000,"log-tls-secret":false,"gzip":false,"token":""}]
2024/08/14 13:04:51.530731 /home/runner/work/gnmic/gnmic/config/actions.go:49: [config] actions: map[]
2024/08/14 13:04:51.530757 /home/runner/work/gnmic/gnmic/config/processors.go:45: [config] processors: map[]
2024/08/14 13:04:51.531231 /home/runner/work/gnmic/gnmic/app/get.go:125: [gnmic] sending gNMI GetRequest: prefix='target:"target1"', path='[elem:{name:"drivenets-top"} elem:{name:"system"} elem:{name:"oper-items"} elem:{name:"system-info"}]', type='ALL', encoding='JSON', models='[]', extension='[]' to target1
2024/08/14 13:04:51.531266 /home/runner/work/gnmic/gnmic/app/app.go:511: [gnmic] creating gRPC client for target "target1"
2024/08/14 13:04:51.531551 /home/runner/go/pkg/mod/google.golang.org/grpc@v1.47.0/grpclog/logger.go:53: [gnmic] [core] [Channel #1] Channel created
2024/08/14 13:04:51.531603 /home/runner/go/pkg/mod/google.golang.org/grpc@v1.47.0/grpclog/logger.go:53: [gnmic] [core] [Channel #1] original dial target is: "10.51.0.24:50051"
2024/08/14 13:04:51.531630 /home/runner/go/pkg/mod/google.golang.org/grpc@v1.47.0/grpclog/logger.go:53: [gnmic] [core] [Channel #1] dial target "10.51.0.24:50051" parse failed: parse "10.51.0.24:50051": first path segment in URL cannot contain colon
2024/08/14 13:04:51.531644 /home/runner/go/pkg/mod/google.golang.org/grpc@v1.47.0/grpclog/logger.go:53: [gnmic] [core] [Channel #1] fallback to scheme "passthrough"
2024/08/14 13:04:51.531687 /home/runner/go/pkg/mod/google.golang.org/grpc@v1.47.0/grpclog/logger.go:53: [gnmic] [core] [Channel #1] parsed dial target is: {Scheme:passthrough Authority: Endpoint:10.51.0.24:50051 URL:{Scheme:passthrough Opaque: User: Host: Path:/10.51.0.24:50051 RawPath: ForceQuery:false RawQuery: Fragment: RawFragment:}}
2024/08/14 13:04:51.531703 /home/runner/go/pkg/mod/google.golang.org/grpc@v1.47.0/grpclog/logger.go:53: [gnmic] [core] [Channel #1] Channel authority set to "10.51.0.24:50051"
2024/08/14 13:04:51.531883 /home/runner/go/pkg/mod/google.golang.org/grpc@v1.47.0/grpclog/logger.go:53: [gnmic] [core] [Channel #1] Resolver state updated: {
  "Addresses": [
    {
      "Addr": "10.51.0.24:50051",
      "ServerName": "",
      "Attributes": null,
      "BalancerAttributes": null,
      "Type": 0,
      "Metadata": null
    }
  ],
  "ServiceConfig": null,
  "Attributes": null
} (resolver returned new addresses)
2024/08/14 13:04:51.531969 /home/runner/go/pkg/mod/google.golang.org/grpc@v1.47.0/grpclog/logger.go:53: [gnmic] [core] [Channel #1] Channel switches to new LB policy "pick_first"
2024/08/14 13:04:51.531991 /home/runner/go/pkg/mod/google.golang.org/grpc@v1.47.0/grpclog/logger.go:53: [gnmic] [core] [Channel #1 SubChannel #2] Subchannel created
2024/08/14 13:04:51.532037 /home/runner/go/pkg/mod/google.golang.org/grpc@v1.47.0/grpclog/logger.go:53: [gnmic] [core] [Channel #1 SubChannel #2] Subchannel Connectivity change to CONNECTING
2024/08/14 13:04:51.532052 /home/runner/go/pkg/mod/google.golang.org/grpc@v1.47.0/grpclog/logger.go:53: [gnmic] [core] [Channel #1 SubChannel #2] Subchannel picks a new address "10.51.0.24:50051" to connect
2024/08/14 13:04:51.532219 /home/runner/go/pkg/mod/google.golang.org/grpc@v1.47.0/grpclog/logger.go:53: [gnmic] [core] pickfirstBalancer: UpdateSubConnState: 0xc000649b20, {CONNECTING <nil>}
2024/08/14 13:04:51.532238 /home/runner/go/pkg/mod/google.golang.org/grpc@v1.47.0/grpclog/logger.go:53: [gnmic] [core] [Channel #1] Channel Connectivity change to CONNECTING
2024/08/14 13:04:51.537915 /home/runner/go/pkg/mod/google.golang.org/grpc@v1.47.0/grpclog/logger.go:53: [gnmic] [core] [Channel #1 SubChannel #2] Subchannel Connectivity change to READY
2024/08/14 13:04:51.537952 /home/runner/go/pkg/mod/google.golang.org/grpc@v1.47.0/grpclog/logger.go:53: [gnmic] [core] pickfirstBalancer: UpdateSubConnState: 0xc000649b20, {READY <nil>}
2024/08/14 13:04:51.537968 /home/runner/go/pkg/mod/google.golang.org/grpc@v1.47.0/grpclog/logger.go:53: [gnmic] [core] [Channel #1] Channel Connectivity change to READY
[
  {
    "source": "target1",
    "timestamp": 1723638152553536527,
    "time": "2024-08-14T12:22:32.553536527Z",
    "updates": [
      {
        "Path": "drivenets-top/system/oper-items/system-info",
        "values": {
          "drivenets-top/system/oper-items/system-info": {
            "contact": "support@drivenets.com",
            "description": "DRIVENETS Network Cloud Router"
          }
        }
      }
    ]
  }
]
karimra commented 4 weeks ago

It looks like you are using an old version of gNMIc:

2024/08/14 13:04:51.506882 /home/runner/work/gnmic/gnmic/app/app.go:216: [gnmic] version=0.28.0 xxxx

Configurable cipher suites were added in v0.36.0 (changelog)
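The check the reporter was after, as an added Go example that is not gnmic's own code: once a client-side cipher-suite restriction is actually applied to the `tls.Config` (which a build before v0.36.0 does not do), a client limited to a suite the target has disabled must fail the handshake instead of receiving a GetResponse, and the suite that was really negotiated can be read from `ConnectionState()` after a successful handshake. The self-signed certificate for 127.0.0.1, the loopback listener and the helper names (`must`, `selfSignedRSACert`, `Negotiate`) are constructed for this example.

```go
package main
import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/tls"
	"crypto/x509"
	"math/big"
	"net"
	"time"
)

// must panics on fixture errors (key/cert generation, loopback listener) that this example does not demonstrate.
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// selfSignedRSACert builds a throwaway RSA-2048 certificate for 127.0.0.1 (a constructed stand-in for the
// device certificate) and a pool trusting it, so the client keeps verification on, as gnmic does with tls-ca.
func selfSignedRSACert() (tls.Certificate, *x509.CertPool) {
	key := must(rsa.GenerateKey(rand.Reader, 2048))
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), IPAddresses: []net.IP{net.IPv4(127, 0, 0, 1)},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	der := must(x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key))
	pool := x509.NewCertPool()
	pool.AddCert(must(x509.ParseCertificate(der)))
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key}, pool
}

// Negotiate runs one TLS 1.2 handshake on loopback between a server offering serverSuites and a client
// restricted to clientSuites, returning the negotiated suite or the handshake error when the lists are
// disjoint. MaxVersion pins 1.2 on both sides because crypto/tls ignores CipherSuites for TLS 1.3.
func Negotiate(serverSuites, clientSuites []uint16) (uint16, error) {
	cert, pool := selfSignedRSACert()
	ln := must(tls.Listen("tcp", "127.0.0.1:0", &tls.Config{Certificates: []tls.Certificate{cert}, MaxVersion: tls.VersionTLS12, CipherSuites: serverSuites}))
	defer ln.Close()
	go func() { // server side: complete (or refuse) one handshake, then hang up
		if c, err := ln.Accept(); err == nil {
			c.(*tls.Conn).Handshake()
			c.Close()
		}
	}()
	cli, err := tls.Dial("tcp", ln.Addr().String(), &tls.Config{RootCAs: pool, MaxVersion: tls.VersionTLS12, CipherSuites: clientSuites})
	if err != nil {
		return 0, err // e.g. "remote error: tls: handshake failure" when no suite is shared
	}
	defer cli.Close()
	return cli.ConnectionState().CipherSuite, nil
}
```

With a target that also speaks TLS 1.3, a `cipher-suites` list has no effect on the connection at all in Go, so a response is still expected there; the nmap output above shows this target offering TLSv1.2 only.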