Cybersecurity
DevOps Cloud (ADM)
IT Operations Cloud
Hi guys,
when you have to offer VTS over HTTPS, you have to define some configrations in configuration.json file.
BUT: there is a TLS padding oracle vulnerability in some cipher suites with ECDHE-RSA-AES256-SHA
Securiy Scan resulted: GOLDENDOODLE vulnerability found with ECDHE-RSA-AES256-SHA on TLSv1.2
So I've had to figure out, how to configure the value in "ciphers" besides "ALL" which is the only description in the onine help.
To get you out of trouble I share my knowledge with you, which works and is adaptable for future use.
"useSSL": true, "certificate": "PATH_TO_VALID_CERTIFICATE.pem", "privateKey": "PATH_TO_PRIVATE_KEY-FILE.key", "passphrase": "PRIVTAE_SECUREKEY", "ca": "vts.cer", "minVersion": "TLSv1.2", "maxVersion": "TLSv1.3", "ciphers": "TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA384:DHE-RSA-AES256-SHA256:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!SRP:!CAMELLIA", "requestClientCert": false