Bug #13630

open

Automatic Configuration Backup system using weak TLS settings

Added by KStar Runner 3 months ago.

Status: New
Priority: Normal
Assignee: -
Category: Backup / Restore
Target version: -
Start date:
Due date:
% Done: 0%
Estimated time:
Plus Target Version:
Release Notes: Default
Affected Version:
Affected Architecture: All

Description

The backend for ACB is using weak TLS settings. Please see the following report from SSL Labs: https://www.ssllabs.com/ssltest/analyze.html?d=acb.netgate.com

Key items to address:
1: Enable TLS 1.3
2: Configure a server-side cipher suite preference, prioritizing algorithms that offer forward secrecy and 265-bit key size.
3: Investigate disabling legacy TLS versions and cipher suites.

NOTE: Number 3 is a little harder to implement, as you'll need to ensure the oldest version of pfSense supporting ACB could still connect. Numbers 1 & 2 can be safely implemented, as they will not affect compatibility with older crypto stacks.

Since ACB contains sensitive data, ensuring maximum encryption while in-transit is critical.
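Added example, not part of the original report and not Netgate's code: a Python audit of a server-side `ssl.SSLContext` against the three items above. The suite lists and both sample contexts are constructed assumptions, since the report does not say what server software the ACB backend runs.

```python
import ssl

V = ssl.TLSVersion

def has_forward_secrecy(cipher):
    """True if a get_ciphers() entry uses ephemeral (EC)DHE key exchange."""
    name = cipher["name"]
    if cipher["protocol"] == "TLSv1.3" or name.startswith("TLS_"):
        return True  # every TLS 1.3 suite uses an ephemeral key exchange
    return name.startswith(("ECDHE-", "DHE-"))

def audit(ctx):
    """Return findings for a server-side SSLContext, numbered like the report."""
    findings = []
    top = ctx.maximum_version
    if not (ssl.HAS_TLSv1_3 and (top == V.MAXIMUM_SUPPORTED or top >= V.TLSv1_3)):
        findings.append("1: TLS 1.3 is not enabled")
    if not ctx.options & ssl.OP_CIPHER_SERVER_PREFERENCE:
        findings.append("2: no server-side cipher preference")
    no_fs = [c["name"] for c in ctx.get_ciphers() if not has_forward_secrecy(c)]
    if no_fs:
        findings.append("2: suites without forward secrecy: " + ", ".join(no_fs))
    # MINIMUM_SUPPORTED is a negative sentinel, so this comparison catches it too.
    if ctx.minimum_version < V.TLSv1_2:
        findings.append("3: legacy TLS versions accepted")
    return findings

def hardened_context():
    """Constructed example of items 1-3 applied; suite list is an assumption."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = V.TLSv1_2  # item 3: only after checking the oldest client
    ctx.maximum_version = V.MAXIMUM_SUPPORTED  # item 1: leaves TLS 1.3 on
    ctx.options |= ssl.OP_CIPHER_SERVER_PREFERENCE  # item 2
    # TLS 1.2 suites only; TLS 1.3 suites are configured separately by OpenSSL.
    ctx.set_ciphers("ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:"
                    "ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305")
    return ctx

def legacy_context():
    """Constructed weak configuration for comparison (not the ACB server's)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = V.MINIMUM_SUPPORTED
    ctx.maximum_version = V.TLSv1_2
    ctx.options &= ~ssl.OP_CIPHER_SERVER_PREFERENCE
    ctx.set_ciphers("AES256-SHA:ECDHE-RSA-AES256-GCM-SHA384")
    return ctx

if __name__ == "__main__":
    for label, ctx in (("legacy", legacy_context()), ("hardened", hardened_context())):
        print(label, audit(ctx) or "no findings")
```

Which static-RSA suites show up for the legacy context depends on the local OpenSSL build and its security level.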
