pfSense

Additional Information / Reference (Germany, BSI TR-02102):

For environments requiring compliance with German security guidelines, the BSI Technical Guideline TR-02102 specifies recommended cryptographic algorithms for TLS.

Official references:

English: https://www.bsi.bund.de/EN/Themen/Unternehmen-und-Organisationen/Standards-und-Zertifizierung/Technische-Richtlinien/TR-nach-Thema-sortiert/tr02102/tr02102_node.html

German: https://www.bsi.bund.de/DE/Themen/Unternehmen-und-Organisationen/Standards-und-Zertifizierung/Technische-Richtlinien/TR-nach-Thema-sortiert/tr02102/tr02102_node.html

This provides guidance on secure TLS cipher suites that could be considered when implementing an optional hardened TLS profile for the WebGUI.

Does BSI Technical Guideline TR-02102 apply to internal or internet facing interfaces?

My understanding allowing direct access to the pfsense GUI from the internet has never been recommended.

We understand that direct Internet access to the WebGUI is not recommended.
Our request is based on general cryptographic best practices and focuses on the security of the TLS algorithms themselves, independent of whether the interface is exposed externally or only accessible internally.