"The resource assets in this website may include abbreviated and/or legacy terminology for HPE Aruba Networking products. See www.hpe.com for current and complete HPE Aruba Networking product lines and names."

Beginning Nov 15, 2021, the Networking Forums moved to the Airheads community

Web and Unmanaged

1832880 Members

2401 Online

110048 Solutions

New Discussion

Suggestion for SSL/TLS configuration on HPE 1920S OfficeConnect Series

Hi HPE community,

I have a few suggestions on the SSL/TLS configuration of the HPE 1920S OfficeConnect Switch Series which I would like to share with HPE. I know, this is a community forum, but maybe this post is read by someone in the development team of that switch series and he/she takes a look into the issue.

There are a few security problems with the SSL/TLS (HTTPS) configuration on this particular switch series:

Only Diffie-Hellman key exchange with 1024 bits is supported, this is considered very insecure. The switch should support at least 2048 bits for Diffie-Hellman key exchange or it should support ECDHE (e.g. P-256).
The switch supports ECC certificates (you can upload a certificate with P-256 as key type), but the cipher suite configured on the switch's webserver does not list any ECDSA cipher suite, so the handshake with a browser fails. In case you are adding ECDHE key exchange, please consider adding (at least some) ECDSA cipher suites as well (e.g. ECDHE-ECDSA-AES128-SHA256). This way, a user can upload and use ECC keys for HTTPS which would be nice to have.

I do not know which SSL/TLS library is used on the switch, in case OpenSSL is used, theese changes should not be too difficult to implement.

Categories

Company

Local Language

Forums

Discussions

Forums

Discussions

Forums

Discussions

Forums

Discussions

Forums

Discussions

Discussions

Forums

Forums

Discussions

Forums

Discussions

Forums

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Community

Resources

Other HPE Sites

Discussions

Forums

Blogs

Suggestion for SSL/TLS configuration on HPE 1920S OfficeConnect Series

Suggestion for SSL/TLS configuration on HPE 1920S OfficeConnect Series