× NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.

Start a New Discussion

Announcements

Polls
What is your Experience with NETGEAR Insight cloud management?
Vote
Hide Results
Top Contributors
See All

Add TLS 1.2 Support

Status: New Idea Submitted by Follower on ‎2021-02-22 01:37 PM
Comment

Please add support for TLS 1.2 to GS108Tv2 switch range.  Currently only TLS 1.0 is supported on firmware 5.4.2.35.  TLS 1.0 is  considered deprecated by IETF:

 

https://tools.ietf.org/html/draft-ietf-tls-oldversions-deprecate-12

 

<extract>

4. Do Not Use TLSv1.0

 

TLSv1.0 MUST NOT be used. Negotiation of TLSv1.0 from any version of TLS MUST NOT be permitted. Any other version of TLS is more secure than TLSv1.0. TLSv1.0 can be configured to prevent interception, though using the highest version available is preferable. Pragmatically, clients MUST NOT send a ClientHello with ClientHello.client_version set to {03,01}. Similarly, servers MUST NOT send a ServerHello with ServerHello.server_version set to {03,01}. Any party receiving a Hello message with the protocol version set to {03,01} MUST respond with a "protocol_version" alert message and close the connection. Historically, TLS specifications were not clear on what the record layer version number (TLSPlaintext.version) could contain when sending ClientHello. Appendix E of [RFC5246] notes that TLSPlaintext.version could be selected to maximize interoperability, though no definitive value is identified as ideal. That guidance is still applicable; therefore, TLS servers MUST accept any value {03,XX} (including {03,00}) as the record layer version number for ClientHello, but they MUST NOT negotiate TLSv1.0.

 

</extract>

See more ideas labeled with: