SSL cipher support

---Originally posted in wrong discussion board, so moving to the correct one now ------

Ok, there have been a few posts relating to the ability to disable old ciphers, but there don't seem to be any real answers, so I'm hoping that opening a new thread might spark more conversation. I have a few Sensor Gateways version 5 devices running the latest (8.6) firmware, but can't do anything with the https side of things. Every current browser blocks my ability to connect to the device over https due to the legacy ciphers. Has anyone been able to get around this issue?

Comments

  • Pochollo
    Hello mate,

    HTTPS isn't supported yet with official firmware, but there was a beta firmware released here in the forums that supports HTTPS; however, that firmware doesn't support the latest sensor releases.

    If you need it for security I suggest you use the firewall settings instead.

    Cheers!

  • jstasik
    Ok, I have tried to install the beta version of the software and it renders my device useless, and I have to revert to factory to get it functional again. Is there an option to just disable https/SSL altogether? I really don't need it, as we only use the web interface to configure the device and then just leverage SNMP with our monitoring system. Is this possible?
  • admin
    jstasik

    Our SensorGateway does not support Web server HTTPS access, which means that by default you can only access your Gateway via HTTP.
    (No need to disable anything on the Gateway)

    By accessing the Gateway over HTTP, you can configure the SNMP settings and have it integrated with your monitoring system.

    If you do not have the latest firmware installed, then you may download it from here:
    https://serverscheck.com/support/firmware.asp

    In cases where browsers automatically use HTTPS for all URLs, you may disable that in the respective browser's settings.
  • jstasik
    It may not support HTTPS access, but port 443 is open. I am running Release 8.7 on the gateways in our environment and an nmap scan of these devices shows both port 80 and 443 listening. This scan also shows that there is an ssl cert with the common name of mchpboard. My IT security team also has run scans against them and they are running vulnerable versions of SSL.
  • Administrator
    We assume that the firewall is not enabled. Correct?
  • jstasik
    Yes, no firewall enabled.
  • admin
    jstasik

    SSL is disabled by default (this is used for email); as some mail servers still use the protocol, it is still an option on our gateway.
    As for port 443, we have forwarded your concern over to our Development team, as this port is currently not being used whilst still listening; it is on the road map.

    For firmware updates we invite you to follow us on our social media channels to know about our latest announcements.

    https://infrasensing.com/about/news.asp
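
The check jstasik describes (ports 80 and 443 listening, a certificate with common name mchpboard, legacy SSL versions) can be repeated across a group of gateways by parsing nmap's XML output. The following is an added example, not part of the original thread and not vendor code; the host address, protocol version and cipher in the sample are constructed, and the LEGACY set is an assumed policy.

```python
import xml.etree.ElementTree as ET

# Protocol versions treated as legacy for this audit (assumption; adjust to policy).
LEGACY = {"SSLv2", "SSLv3", "TLSv1.0", "TLSv1.1"}

# Constructed sample of `nmap -p 80,443 --script ssl-cert,ssl-enum-ciphers -oX -` output.
# Address, protocol and cipher are made up; only the CN "mchpboard" comes from the thread.
SAMPLE_XML = """<nmaprun>
 <host>
  <address addr="192.0.2.10" addrtype="ipv4"/>
  <ports>
   <port protocol="tcp" portid="80"><state state="open"/></port>
   <port protocol="tcp" portid="443"><state state="open"/>
    <script id="ssl-cert" output="...">
     <table key="subject"><elem key="commonName">mchpboard</elem></table>
    </script>
    <script id="ssl-enum-ciphers" output="...">
     <table key="SSLv3">
      <table key="ciphers"><table><elem key="name">TLS_RSA_WITH_RC4_128_SHA</elem></table></table>
     </table>
    </script>
   </port>
  </ports>
 </host>
</nmaprun>"""

def audit(xml_text):
    """Return one finding per open TLS port: address, port, cert CN, legacy protocols."""
    findings = []
    for host in ET.fromstring(xml_text).iter("host"):
        addr = host.find("address").get("addr")
        for port in host.iter("port"):
            state = port.find("state")
            enum = port.find("script[@id='ssl-enum-ciphers']")
            if state is None or state.get("state") != "open" or enum is None:
                continue  # closed port, or no TLS handshake was enumerated on it
            offered = {t.get("key") for t in enum.findall("table")}
            cn = port.find("script[@id='ssl-cert']/table[@key='subject']/elem[@key='commonName']")
            findings.append({"host": addr, "port": int(port.get("portid")),
                             "cert_cn": cn.text if cn is not None else None,
                             "legacy": sorted(offered & LEGACY)})
    return findings

if __name__ == "__main__":
    for f in audit(SAMPLE_XML):
        status = "LEGACY: " + ", ".join(f["legacy"]) if f["legacy"] else "ok"
        print(f"{f['host']}:{f['port']} CN={f['cert_cn']} {status}")
```

A port with an empty `legacy` list still deserves a look if, as in this thread, the service listening on it is not supposed to be in use.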