Caution

The HTTPS interfaces of Embedded Management Application (EMA) and Platform Mode (PM) are vulnerable to the BEAST attack. The Secure Sockets Layer (SSL) BEAST attack affects only Transport Layer Security (TLS) version 1.0, not later versions. For further details, refer to the external link: https://www.kb.cert.org/vuls/id/864643.

Stream ciphers are generally not affected by the BEAST attack. However, RC4 is the only stream cipher standardized for use with TLS 1.0, and RFC 7465 prohibits its use with TLS.

For the installation/upgrade process of SBC Core, the possible scenarios are as follows:

  • If the TLS 1.0, 1.1, 1.2, and 1.3 defaults are set, then TLS 1.0 is disabled in the default PM/EMA TLS Profile.
  • If the defaults for TLS 1.0, 1.1, 1.2, and 1.3 are not set, the user-provided configuration is preserved.

If the EMA TLS Profile configuration changes from the pre-installation/upgrade defaults, the upgrade process does not attempt to apply the new defaults.

Warning

Enabling TLS 1.0 creates security risks, and is strongly advised against. Upgrade to newer browser versions that support TLS 1.1, TLS 1.2, and TLS 1.3 to avoid security loopholes. Disable TLS 1.0, and enable TLS 1.3 for protection against BEAST attacks.
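One way to confirm, after an installation or upgrade, that an EMA or PM HTTPS interface no longer accepts TLS 1.0 and does accept TLS 1.3. This is an added example, not Ribbon tooling: the function names, the status strings and the default port 443 are assumptions, and the host passed to `audit` is whatever management address you administer.

```python
import socket
import ssl
import warnings

# Protocol versions named on the page, oldest first.
VERSIONS = {"TLS 1.0": ssl.TLSVersion.TLSv1, "TLS 1.1": ssl.TLSVersion.TLSv1_1,
            "TLS 1.2": ssl.TLSVersion.TLSv1_2, "TLS 1.3": ssl.TLSVersion.TLSv1_3}

def probe(host, port, version, timeout=5.0):
    """One handshake pinned to `version`; returns a status string."""
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "unreachable"
    with raw:
        ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE  # protocol support is tested, not the certificate
        try:
            with warnings.catch_warnings():
                warnings.simplefilter("ignore", DeprecationWarning)
                ctx.minimum_version = ctx.maximum_version = version
            # Many OpenSSL builds refuse TLS 1.0/1.1 above security level 0.
            ctx.set_ciphers("DEFAULT:@SECLEVEL=0")
        except (ValueError, ssl.SSLError):
            return "client-unsupported"  # a local refusal must not count as "rejected"
        try:
            with ctx.wrap_socket(raw, server_hostname=host):
                return "accepted"
        except OSError:  # ssl.SSLError, resets and timeouts are OSError subclasses
            return "rejected"

def assess(results):
    """Map {version label: status} to findings per the page's guidance."""
    findings = []
    untested = [v for v, s in results.items() if s in ("unreachable", "client-unsupported")]
    if untested:
        findings.append("INCONCLUSIVE: could not test " + ", ".join(untested))
    if results.get("TLS 1.0") == "accepted":
        findings.append("FAIL: TLS 1.0 is enabled (BEAST exposure)")
    if results.get("TLS 1.3") == "rejected":
        findings.append("WARN: TLS 1.3 is not enabled")
    return findings or ["PASS: TLS 1.0 disabled, TLS 1.3 enabled"]

def audit(host, port=443):  # port 443 is an assumption; use the interface's real port
    results = {label: probe(host, port, v) for label, v in VERSIONS.items()}
    return results, assess(results)
```

A `client-unsupported` result means the local OpenSSL build cannot offer that version at all, so run the check from a host whose library still can before treating TLS 1.0 as disabled.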
