Hi all,

Following an internal penetration test, a recommendation was flagged regarding SSL/TLS configuration. Specifically, the remote host is advertising cipher suites that are considered discouraged. The recommendation is to restrict support to the following secure and widely compatible cipher suites:

TLSv1.3:

  • 0x13,0x01 – TLS13_AES_128_GCM_SHA256
  • 0x13,0x02 – TLS13_AES_256_GCM_SHA384
  • 0x13,0x03 – TLS13_CHACHA20_POLY1305_SHA256

TLSv1.2:

  • 0xC0,0x2B – ECDHE-ECDSA-AES128-GCM-SHA256
  • 0xC0,0x2F – ECDHE-RSA-AES128-GCM-SHA256
  • 0xC0,0x2C – ECDHE-ECDSA-AES256-GCM-SHA384
  • 0xC0,0x30 – ECDHE-RSA-AES256-GCM-SHA384
  • 0xCC,0xA9 – ECDHE-ECDSA-CHACHA20-POLY1305
  • 0xCC,0xA8 – ECDHE-RSA-CHACHA20-POLY1305

These suites are considered highly secure and compatible with nearly all modern clients.

Could anyone confirm whether IFS Cloud supports these cipher suites? Additionally, guidance on where these changes should be applied within the cloud configuration would be greatly appreciated.

Thanks,

Gary 
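
One way to check a host against the allow-list in the post above, as an added example that is not part of the original post and is not IFS code: it parses `0xHH,0xHH` identifiers out of scanner output and reports which advertised suites fall outside the list, then shows which code points a local OpenSSL build enables for the six TLS 1.2 names. The function names and the sample report are hypothetical and constructed, and the scanner output format is assumed to match the post's notation.

```python
import re
import ssl

# Allow-list from the post, keyed by IANA code point (both bytes as one integer).
ALLOWED = {
    0x1301: "TLS13_AES_128_GCM_SHA256",
    0x1302: "TLS13_AES_256_GCM_SHA384",
    0x1303: "TLS13_CHACHA20_POLY1305_SHA256",
    0xC02B: "ECDHE-ECDSA-AES128-GCM-SHA256",
    0xC02F: "ECDHE-RSA-AES128-GCM-SHA256",
    0xC02C: "ECDHE-ECDSA-AES256-GCM-SHA384",
    0xC030: "ECDHE-RSA-AES256-GCM-SHA384",
    0xCCA9: "ECDHE-ECDSA-CHACHA20-POLY1305",
    0xCCA8: "ECDHE-RSA-CHACHA20-POLY1305",
}
TLS12_STRING = ":".join(n for cp, n in ALLOWED.items() if cp >> 8 != 0x13)
_PAIR = re.compile(r"0x([0-9A-Fa-f]{2})\s*,\s*0x([0-9A-Fa-f]{2})")

def parse_code_points(report):
    """Extract '0xHH,0xHH' suite identifiers from scanner output, in order."""
    return [int(hi + lo, 16) for hi, lo in _PAIR.findall(report)]

def audit(advertised):
    """Compare advertised code points with the allow-list."""
    seen, allowed = set(advertised), set(ALLOWED)
    return {"allowed": sorted(seen & allowed),
            "outside_allow_list": sorted(seen - allowed),
            "not_offered": sorted(allowed - seen)}

def openssl_code_points(cipher_string):
    """Code points a local OpenSSL server context enables for a cipher string."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.set_ciphers(cipher_string)  # governs TLS 1.2 and below only
    # Each 'id' is 0x0300HHLL; the low 16 bits are the IANA code point.
    return [c["id"] & 0xFFFF for c in ctx.get_ciphers()]

# Constructed sample of scanner output, not taken from a real host.
SAMPLE_REPORT = """
0xC0,0x2F - ECDHE-RSA-AES128-GCM-SHA256
0xC0,0x30 - ECDHE-RSA-AES256-GCM-SHA384
0xC0,0x27 - ECDHE-RSA-AES128-SHA256
0x00,0x9C - AES128-GCM-SHA256
0x13,0x01 - TLS13_AES_128_GCM_SHA256
"""

if __name__ == "__main__":
    for key, cps in audit(parse_code_points(SAMPLE_REPORT)).items():
        print(key, [f"0x{cp:04X}" for cp in cps])
    print("local", [f"0x{cp:04X}" for cp in openssl_code_points(TLS12_STRING)])
```

Matching on code points rather than names avoids false mismatches when a scanner prints IANA names and the server configuration uses OpenSSL names.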
