Julien_A
Dec 12, 2024

TLS 1.0 & 1.1 active in WAX625 https web interface

Having TLS 1.0 and TLS 1.1 supported in the HTTPS web interface makes the WiFi WAX product line susceptible to TLS attacks:

- BEAST Attack
- CRIME Attack
- RC4 Attack
- Weak Cipher Suites Attack
- Renegotiation attacks

And the product is unfortunately shown to be non-compliant with security scans, just for that unfortunate reason.

The firmware is V10.8.11.4 and I cannot find a security option about TLS? Are there hidden options somewhere?

Would it be possible to add an option to only support TLS 1.2 (and not 1.0 and 1.1)?

[ I mean, as far as software is concerned, this is mostly a change of a numerical constant somewhere. ]
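The check a security scan performs for this finding can be reproduced by offering the web interface one protocol version at a time. The following is an added example, not part of the original post and not NETGEAR code; `probe`, `scan` and `audit` are hypothetical names, and the device address is passed on the command line.

```python
import socket
import ssl
import sys
import warnings

VERSIONS = ["TLSv1", "TLSv1_1", "TLSv1_2", "TLSv1_3"]
LEGACY = {"TLSv1", "TLSv1_1"}  # the versions the post asks to switch off

def probe(host, port, name, timeout=5.0):
    """Offer exactly one TLS version. Returns 'accepted', 'rejected',
    'unreachable', or 'untestable' (local OpenSSL cannot offer it)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False       # protocol support is tested here, not
    ctx.verify_mode = ssl.CERT_NONE  # certificate trust (often self-signed)
    try:
        with warnings.catch_warnings():
            warnings.simplefilter("ignore", DeprecationWarning)
            ctx.minimum_version = ctx.maximum_version = ssl.TLSVersion[name]
        ctx.set_ciphers("ALL:@SECLEVEL=0")  # allow offering legacy suites
    except (ValueError, ssl.SSLError):
        return "untestable"
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "unreachable"
    try:
        with ctx.wrap_socket(raw, server_hostname=host):
            return "accepted"
    except ssl.SSLError as exc:
        # A locked-down client build fails locally; that says nothing about the server.
        local = getattr(exc, "reason", "") == "NO_PROTOCOLS_AVAILABLE"
        return "untestable" if local else "rejected"
    except OSError:                  # reset or timeout during the handshake
        return "rejected"
    finally:
        raw.close()

def scan(host, port=443):
    return {name: probe(host, port, name) for name in VERSIONS}

def audit(results):
    """Return (compliant, findings) for a {version: outcome} mapping."""
    findings = [f"{v}: {results.get(v, 'untestable')}" for v in VERSIONS
                if v in LEGACY and results.get(v) != "rejected"]
    if not any(results.get(v) == "accepted" for v in VERSIONS if v not in LEGACY):
        findings.append("no TLS 1.2/1.3 handshake succeeded")
    return not findings, findings

if __name__ == "__main__":
    print(audit(scan(sys.argv[1])))  # argument: address of the device's web interface
```

An `untestable` result for TLS 1.0 or 1.1 means the scanning machine's own OpenSSL refuses to offer that version, so the check has to be repeated from a client that still can before the device is declared clean.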

4 Replies

  • schumaku
    Guru - Experienced User

    Curiosity question back on the subject:

    Are you operating a PKI and deploying fully signed certificates, signed by a trusted CA, to an environment with full DNS coverage?

    Reason for asking: We need (much) more pressure on Netgear to enhance many more details, raising more awareness with the NTGR engineering and management.

    Certainly, Netgear does understand how to run some vulnerability checking, I assume.

    • Julien_A
      Tutor

      schumaku wrote:

      Are you operating a PKI and deploying fully signed certificates, signed by a trusted CA, to an environment with full DNS coverage?

      Exactly! But deploying such a certificate for "web management" is a "second step" for us; the first immediate step would be to stop using legacy TLS protocols (and/or cipher suites).

      So:

      (1) have a security setting I could untick: [ X ] Legacy TLS support 1.0 1.1

      (2) be able to generate a correct CSR (with hostnames/FQDN/etc. as S.A.N.) to create its certificate with a PKI

      • schumaku
        Guru - Experienced User

        hnagaraju please join this discussion - there is a lot of work waiting overdue for a long time 
