03-10-2015 08:59 AM
Hi,
I am wondering if it is possible to configure the SSL/TLS version used by the WSA to establish HTTPS connections to remote webservers.
(e.g., no SSLv2, no SSLv3, TLSv1, TLSv1.1, TLSv1.2)
Which versions are supported in general? (in the 8.0.7 and in the 8.5.1 releases?)
Is there another option to limit the usage of cipher suites as well? Currently the cipher suites listed below are obviously supported and used. Some of them definitely lack the desired level of security and are known to be vulnerable to certain attacks.
TLS_DHE_RSA_WITH_AES_256_CBC_SHA
TLS_DHE_DSS_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_AES_256_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA
TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA
TLS_RSA_WITH_3DES_EDE_CBC_SHA
TLS_DHE_RSA_WITH_AES_128_CBC_SHA
TLS_DHE_DSS_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA
TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
TLS_RSA_WITH_IDEA_CBC_SHA
TLS_ECDHE_RSA_WITH_RC4_128_SHA
TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
TLS_RSA_WITH_RC4_128_SHA
TLS_RSA_WITH_RC4_128_MD5
TLS_DHE_RSA_WITH_DES_CBC_SHA
TLS_DHE_DSS_WITH_DES_CBC_SHA
TLS_RSA_WITH_DES_CBC_SHA
TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA
TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA
TLS_RSA_EXPORT_WITH_DES40_CBC_SHA
TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5
TLS_RSA_EXPORT_WITH_RC4_40_MD5
TLS_RENEGO_PROTECTION_REQUEST
Kind regards,
Thomas
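
An added illustration, not part of the original post and not Cisco code: a small Python classifier that parses suite names like those listed above and tags the properties generally regarded as weak. The tag names and the rule set are assumptions of this example; an empty result means only that none of these rules matched, not that the suite is recommended.

```python
# Added example: tag weak properties in IANA-style TLS suite names.
# Tag names and rules are assumptions of this example, not WSA settings.

def classify(name):
    """Return weakness tags for one suite name, or None for a signalling value."""
    if not name.startswith("TLS_"):
        raise ValueError(f"not a TLS suite name: {name!r}")
    if "_WITH_" not in name:
        return None  # e.g. TLS_RENEGO_PROTECTION_REQUEST carries no cipher
    kx, rest = name[len("TLS_"):].split("_WITH_", 1)
    *cipher_parts, mac = rest.split("_")
    if not cipher_parts:
        raise ValueError(f"cannot split cipher and MAC in {name!r}")
    cipher = cipher_parts[0]
    tags = []
    if kx.endswith("_EXPORT"):
        tags.append("export-grade")    # 40-bit effective key strength
    if cipher == "RC4":
        tags.append("rc4")             # prohibited by RFC 7465
    elif cipher in ("DES", "DES40"):
        tags.append("single-des")      # 56-bit key or less
    elif cipher in ("3DES", "IDEA", "RC2"):
        tags.append("64-bit-block")
    if mac == "MD5":
        tags.append("md5-mac")
    if kx == "RSA":
        tags.append("static-rsa-kx")   # no forward secrecy
    return tags

def weak_suites(names):
    """Map each flagged suite name to its tags; unflagged names are omitted."""
    return {n: t for n in names if (t := classify(n))}

# Sample input: a subset of the suite names quoted in the post above.
SAMPLE = [
    "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
    "TLS_RSA_WITH_AES_128_CBC_SHA",
    "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA",
    "TLS_RSA_WITH_IDEA_CBC_SHA",
    "TLS_RSA_WITH_RC4_128_MD5",
    "TLS_DHE_DSS_WITH_DES_CBC_SHA",
    "TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5",
    "TLS_RENEGO_PROTECTION_REQUEST",
]

if __name__ == "__main__":
    for suite, tags in weak_suites(SAMPLE).items():
        print(f"{suite}: {', '.join(tags)}")
```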