× NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.

Start a New Discussion

Start a New Discussion

Reply

TLS 1.0 & 1.1 active in WAX625 https web interface

Julien_A
Initiate
Initiate
‎2024-12-12 06:58 AM
‎2024-12-12 06:58 AM

TLS 1.0 & 1.1 active in WAX625 https web interface

Having TLS 1.0 and TLS1.1 supported in https web interface makes Wifi  WAX product line susceptible to TLS attacks :

- BEAST Attack

- CRIME Attack

- RC4 Attack

- Weak Cipher Suites Attack

- Attacks renegotiation

 

And the product is unfortunately shown to be non compliant with security scans, just for that unfortunate reason.

 

The firmware is V10.8.11.4 and I cannot find a security option about TLS ? Are there hidden options somewhere ?

 

Would it be possible to add an option to only support TLS 1.2 (and not 1.0 and 1.1) ?

 

[ I means, as far as software is concerned, this is mostly a change of a numerical constant somewhere. ]

Message 1 of 4
Labels:
0 Kudos
Reply
schumaku
Guru Guru
Guru
‎2024-12-13 04:52 AM
‎2024-12-13 04:52 AM

Re: TLS 1.0 & 1.1 active in WAX625 https web interface

Curiosity question back on the subject:

 

Are you operating a PKI and deploy fully signed and certificates signed by a trusted CA to an environment with a full DNS coverage? 

 

Reason asking: We need (much) more pressure on Netgear enhancing many more details, raising more awareness. with the NTGR engineering and management.

 

Certainly, Netgear does understand on how to run some vulnerability checking I assume.

 

Message 2 of 4
Reply
Julien_A
Initiate
Initiate
‎2024-12-13 06:30 AM
‎2024-12-13 06:30 AM

Re: TLS 1.0 & 1.1 active in WAX625 https web interface

@schumaku  a écrit :

Are you operating a PKI and deploy fully signed and certificates signed by a trusted CA to an environment with a full DNS coverage? 

Exactly ! but deploying such certificate for "web management" is a "second step" for us,  first immediate step would be to stop using legacy TLS protocols (and/or cipher suites).

 

so

(1) have a security setting I could untick:  [ X ] Legacy TLS support 1.0 1.1

(2) be able to generate a correct CSR (with hostnames/fqdn/etc..  as S.A.N.) to create its certificate with a PKI

 

Message 3 of 4
Reply
schumaku
Guru Guru
Guru
‎2024-12-13 08:14 PM
‎2024-12-13 08:14 PM

Re: TLS 1.0 & 1.1 active in WAX625 https web interface

@hnagaraju please join this discussion - there is a lot of work waiting overdue for a long time 

Message 4 of 4
0 Kudos
Reply
Top Contributors
See All
Discussion stats
  • 3 replies
  • ‎2024-12-12 06:58 AM
  • 149 views
  • 2 kudos
  • 2 in conversation
Announcements