Application Delivery Management
Application Modernization & Connectivity
CyberRes
IT Operations Management
Hi guys,
when you have to offer VTS over HTTPS, you have to define some configrations in configuration.json file.
BUT: there is a TLS padding oracle vulnerability in some cipher suites with ECDHE-RSA-AES256-SHA
Securiy Scan resulted: GOLDENDOODLE vulnerability found with ECDHE-RSA-AES256-SHA on TLSv1.2
So I've had to figure out, how to configure the value in "ciphers" besides "ALL" which is the only description in the onine help.
To get you out of trouble I share my knowledge with you, which works and is adaptable for future use.
"useSSL": true, "certificate": "PATH_TO_VALID_CERTIFICATE.pem", "privateKey": "PATH_TO_PRIVATE_KEY-FILE.key", "passphrase": "PRIVTAE_SECUREKEY", "ca": "vts.cer", "minVersion": "TLSv1.2", "maxVersion": "TLSv1.3", "ciphers": "TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA384:DHE-RSA-AES256-SHA256:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!SRP:!CAMELLIA", "requestClientCert": false