You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository has been archived by the owner on Nov 18, 2022. It is now read-only.
I think all modern browsers already negotiate secure ciphers and protocols. Disabling of less secure ones will not change a thing for them but may bring troubles when connecting from older devices.
An attacker can manipulate the handshake and force a downgrade to SSLv3 (POODLE)
This is why it should at least be possible to manually disable SSLv3 in the settings.
If you enable the secure port for the web-gui the default crypto settings are outdated and insecure.
This SSL/TLS test gives the server the grade F.
Please disable SSLv3, RC4, DES, and maybe even 3DES. All modern browsers will still be able to connect but the security will be massively improved.
Alternatively an option to configure these settings from the gui would be welcome.
The text was updated successfully, but these errors were encountered: