Bug #13630
Automatic Configuration Backup system using weak TLS settings
Status: open
0%
Description
The backend for ACB is using weak TLS settings. Please see the following report from SSL Labs: https://www.ssllabs.com/ssltest/analyze.html?d=acb.netgate.com
Key items to address:
1: Enable TLS 1.3
2: Configure a server-side cipher suite preference, prioritizing algorithms that offer forward secrecy and 265-bit key size.
3: Investigate disabling legacy TLS versions and cipher suites.
NOTE: Number 3 is a little harder to implement, as you'll need to ensure the oldest version of pfSense supporting ACB could still connect. Numbers 1 & 2 can be safely implemented, as they will not affect compatibility with older crypto stacks.
Since ACB contains sensitive data, ensuring maximum encryption while in-transit is critical.
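An added example, not part of the original report and not Netgate's code: a small audit that checks a server's TLS offer against the three items above, and shows that reordering suites and adding TLS 1.3 (items 1 and 2) leaves every legacy protocol and suite in place for older clients. The suite lists, the OpenSSL-style names and all function names are constructed for illustration and are not taken from the SSL Labs report.

```python
from typing import NamedTuple

class Suite(NamedTuple):
    name: str   # OpenSSL-style suite name (assumed naming convention)
    bits: int   # symmetric key size in bits

LEGACY_PROTOCOLS = {"SSLv3", "TLSv1.0", "TLSv1.1"}

def forward_secret(s: Suite) -> bool:
    # TLS 1.3 suites (TLS_AES_*, TLS_CHACHA20_*) always use ephemeral key exchange.
    return s.name.startswith(("ECDHE-", "DHE-", "TLS_AES_", "TLS_CHACHA20_"))

def rank(s: Suite):
    # Item 2: forward secrecy first, then larger key size.
    return (forward_secret(s), s.bits)

def preferred_order(suites):
    # Stable sort: reorders only, never drops a suite, so old clients still connect.
    return sorted(suites, key=rank, reverse=True)

def audit(protocols, suites, server_preference):
    """Return (fix_now, investigate) findings for one server offer."""
    fix_now, investigate = [], []
    if "TLSv1.3" not in protocols:
        fix_now.append("item 1: TLS 1.3 not enabled")
    if not server_preference:
        fix_now.append("item 2: server does not enforce its cipher order")
    ranks = [rank(s) for s in suites]
    if any(a < b for a, b in zip(ranks, ranks[1:])):
        fix_now.append("item 2: weaker suite listed ahead of a stronger one")
    legacy = sorted(LEGACY_PROTOCOLS & set(protocols))
    if legacy:
        investigate.append("item 3: legacy protocols " + ", ".join(legacy))
    non_fs = [s.name for s in suites if not forward_secret(s)]
    if non_fs:
        investigate.append("item 3: no forward secrecy: " + ", ".join(non_fs))
    return fix_now, investigate

# Constructed sample offers: (protocols, suites in server order, server preference).
WEAK = ({"TLSv1.0", "TLSv1.1", "TLSv1.2"},
        [Suite("AES128-SHA", 128),
         Suite("ECDHE-RSA-AES128-GCM-SHA256", 128),
         Suite("ECDHE-RSA-AES256-GCM-SHA384", 256)],
        False)
TLS13 = [Suite("TLS_AES_256_GCM_SHA384", 256), Suite("TLS_AES_128_GCM_SHA256", 128)]
FIXED = (WEAK[0] | {"TLSv1.3"}, preferred_order(TLS13 + WEAK[1]), True)

if __name__ == "__main__":
    for label, offer in (("before", WEAK), ("after items 1 and 2", FIXED)):
        print(label, audit(*offer))
```

The item 3 findings are identical before and after, which is the compatibility point made in the note: nothing an older client relies on has been removed.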