Caution

The HTTPS interfaces of the Embedded Management Application (EMA) and Platform Mode (PM) are vulnerable to the BEAST attack. The Secure Sockets Layer (SSL) BEAST attack affects only Transport Layer Security (TLS) version 1.0, not later versions. For further details, refer to https://www.kb.cert.org/vuls/id/864643.

Stream ciphers are generally not affected by the BEAST attack. However, RC4 is the only stream cipher standardized for use with TLS 1.0, and RFC 7465 prohibits its use with TLS.

For the installation/upgrade process of SBC Core 6.0, the possible scenarios are as follows:

  • If the defaults for TLS 1.0, 1.1, 1.2, and 1.3 are set, then TLS 1.0 is disabled in the default PM/EMA Tls profile.
  • If the defaults for TLS 1.0, 1.1, 1.2, and 1.3 are not set, the user-provided configuration is preserved.

If the EMA Tls Profile configuration changes from the pre-6.0 defaults, the upgrade process does not attempt to apply the new defaults.

Warning

Enabling TLS 1.0 creates security risks, and is strongly advised against. Upgrade to newer browser versions that support TLS 1.1, TLS 1.2, and TLS 1.3 to avoid security loopholes. Disable TLS 1.0, and enable TLS 1.3 for protection against BEAST attacks.
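
One way to confirm after an upgrade that an EMA or PM HTTPS interface no longer accepts TLS 1.0 is to offer it TLS 1.0 only and classify whatever it negotiates. This Python sketch is an added example, not part of the product documentation; the function names are hypothetical, and it assumes the local OpenSSL build can still offer TLS 1.0.

```python
import socket
import ssl
import warnings

def beast_findings(version, cipher):
    """Classify one negotiated (protocol, OpenSSL cipher name) pair."""
    findings = []
    if "RC4" in cipher:
        findings.append("RC4 negotiated: prohibited by RFC 7465")
    if version == "TLSv1":
        findings.append("TLS 1.0 accepted: disable it in the TLS profile")
        if "RC4" not in cipher and "NULL" not in cipher:
            # Every non-stream TLS 1.0 suite is a CBC block cipher.
            findings.append("TLS 1.0 block cipher: exposed to BEAST")
    return findings

def probe_tls10(host, port=443, timeout=5.0):
    """Offer only TLS 1.0; return (version, cipher) if accepted, else None."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False      # checking protocol support, not identity
    ctx.verify_mode = ssl.CERT_NONE
    with warnings.catch_warnings():
        warnings.simplefilter("ignore", DeprecationWarning)
        ctx.minimum_version = ssl.TLSVersion.TLSv1
        ctx.maximum_version = ssl.TLSVersion.TLSv1
    # Assumption: the local OpenSSL still ships TLS 1.0; level 0 lets it offer it.
    ctx.set_ciphers("ALL:@SECLEVEL=0")
    raw = socket.create_connection((host, port), timeout=timeout)
    try:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.version(), tls.cipher()[0]
    except (ssl.SSLError, ConnectionError):
        raw.close()
        return None                 # handshake refused: TLS 1.0 is off

def audit(host, port=443):
    """Findings for one interface; an empty list means TLS 1.0 was refused."""
    result = probe_tls10(host, port)
    return [] if result is None else beast_findings(*result)

if __name__ == "__main__":
    # Constructed sample results, shaped like probe_tls10() return values.
    for sample in [("TLSv1", "AES128-SHA"), ("TLSv1", "RC4-SHA"),
                   ("TLSv1.2", "ECDHE-RSA-AES128-GCM-SHA256")]:
        print(sample, beast_findings(*sample))
```

A connection failure or timeout raises instead of returning None, so an unreachable interface is not mistaken for one that has TLS 1.0 disabled.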