Starting with PSM version 5F3, the web UI uses only strong ciphers (TLS 1.2) by default, and it is possible to allow the use of TLS 1.1.
In 5LTS versions this is not implemented.
scp patch-lighttpd-cipher.sh root@PSM_IP_ADDR:/mnt/firmware/root
cd /root; chmod u+x patch-lighttpd-cipher.sh
./patch-lighttpd-cipher.sh
makeworld -a
systemctl restart lighttpd.service
Expected cipher list:
$ sslscan lcsscb5lts | grep -e Preferred -e Accepted
Preferred TLSv1.2 256 bits ECDHE-RSA-AES256-GCM-SHA384 Curve P-256 DHE 256
Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-GCM-SHA256 Curve P-256 DHE 256
Accepted TLSv1.2 256 bits DHE-RSA-AES256-GCM-SHA384 DHE 2048 bits
Accepted TLSv1.2 128 bits DHE-RSA-AES128-GCM-SHA256 DHE 2048 bits
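The comparison against the expected cipher list can be scripted. The following is an added example, not part of the original article or of the vendor's tooling; the function names and the legacy-suite sample line are constructed for illustration, and it assumes sslscan output in the plain-text format shown above.

```shell
#!/bin/sh
# Added example (not vendor code): check sslscan output against the
# expected cipher list shown in this article.
EXPECTED_CIPHERS="ECDHE-RSA-AES256-GCM-SHA384 ECDHE-RSA-AES128-GCM-SHA256 DHE-RSA-AES256-GCM-SHA384 DHE-RSA-AES128-GCM-SHA256"

# Reads sslscan output on stdin; prints each deviation and returns 1 if an
# offered suite is not TLSv1.2, is not in the expected list, or if an
# expected cipher is not offered at all.
check_cipher_list() {
    awk -v expected="$EXPECTED_CIPHERS" '
        BEGIN { bad = 0; n = split(expected, e, " "); for (i = 1; i <= n; i++) want[e[i]] = 1 }
        $1 == "Preferred" || $1 == "Accepted" {
            if ($2 != "TLSv1.2")    { print "UNEXPECTED protocol: " $2 " " $5; bad = 1 }
            else if (!($5 in want)) { print "UNEXPECTED cipher: " $5; bad = 1 }
            else seen[$5] = 1
        }
        END {
            for (c in want) if (!(c in seen)) { print "MISSING cipher: " c; bad = 1 }
            exit bad
        }'
}

# Sample input: the expected output quoted in the article.
sample_patched() {
    cat <<'EOF'
Preferred TLSv1.2 256 bits ECDHE-RSA-AES256-GCM-SHA384 Curve P-256 DHE 256
Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-GCM-SHA256 Curve P-256 DHE 256
Accepted TLSv1.2 256 bits DHE-RSA-AES256-GCM-SHA384 DHE 2048 bits
Accepted TLSv1.2 128 bits DHE-RSA-AES128-GCM-SHA256 DHE 2048 bits
EOF
}

# Constructed sample: the same list plus one hypothetical legacy TLSv1.0 suite.
sample_unpatched() {
    sample_patched
    echo "Accepted TLSv1.0 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256"
}

sample_patched | check_cipher_list && echo "patched sample: OK"
sample_unpatched | check_cipher_list || echo "unpatched sample: deviation found"
# Live use (--no-colour keeps ANSI colour codes out of the parsed fields):
#   sslscan --no-colour PSM_IP_ADDR | check_cipher_list
```

A non-zero exit status after the patch and the lighttpd restart means the web UI still offers something outside the expected list, or no longer offers one of the four expected suites.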
Expected tainted file list:
(boot/master/lcsscb5lts)root@scb1:~# xcbclient self xcb_check_core_files
/mnt/drbd/private/root/usr/lib/python3/dist-packages/scb/local_services/http/templates/lighttpdconfig.tpl
/mnt/drbd/private/root/etc/lighttpd/lighttpd.conf