NTACurrent en:1.1.2
Aus Cryptshare Documentation
About this version
This version improves security by hardening the handling of incoming connections.
Changes
- TLS is required for incoming connections - unencrypted connections are rejected.
- TLS connections are restricted to one of the following cipher suites:
- TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
- TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
- TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
- TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
- TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
- TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
- Connections with the "X-CS-Sensitivity" header set are allowed from trusted networks only. Other connections will be rejected.
- Unnecessary headers, as specified by the Technical Guide 1.3, are removed by default now.
- The setup process does not change the DHCP client configuration anymore; this has to be done manually, if required.
- The setup process allows updating from a previous version.