NTACurrent en:1.1.2

From Cryptshare Documentation
Revision as of 7 March 2022, 11:27 by imported>Erhardts (Adapted headings and line breaks)

About this version

This version improves security by hardening the handling of incoming connections.

Changes

  • TLS is required for incoming connections; unencrypted connections are rejected.
  • TLS connections are restricted to one of the following cipher suites:
    • TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
    • TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
    • TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
    • TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
    • TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
    • TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
  • Connections with the "X-CS-Sensitivity" header set are allowed from trusted networks only. Other connections will be rejected.
  • Unnecessary headers, as specified by the Technical Guide 1.3, are now removed by default.
  • The setup process no longer changes the DHCP client configuration; this has to be done manually if required.
  • The setup process allows updating from a previous version.
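
An added example, not taken from the Cryptshare documentation or product: one way to confirm the cipher suite restriction listed under Changes is to parse the first TLS record a server returns and check that the ServerHello selects one of the six suites. The code points are the standard IANA values for those suite names; the function names and the sample records are constructed for illustration.

```python
import struct

# The six suites from the Changes list, keyed by their IANA code points.
ALLOWED = {
    0xC02C: "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
    0xCCA9: "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256",
    0xC02B: "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
    0xC030: "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
    0xCCA8: "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",
    0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
}

def selected_suite(record):
    """Return the cipher suite code point chosen in a ServerHello record."""
    if len(record) < 5:
        raise ValueError("truncated TLS record header")
    ctype, _version, rlen = struct.unpack("!BHH", record[:5])
    body = record[5:5 + rlen]
    if ctype == 0x15:  # alert record: the handshake was refused
        raise ValueError("server sent an alert instead of a ServerHello")
    if ctype != 0x16 or len(body) < 4 or body[0] != 0x02:
        raise ValueError("not a ServerHello handshake record")
    hello = body[4:4 + int.from_bytes(body[1:4], "big")]
    # Layout: version (2) + random (32) + session id length (1) + session id
    if len(hello) < 35:
        raise ValueError("truncated ServerHello")
    off = 35 + hello[34]
    if len(hello) < off + 2:
        raise ValueError("truncated ServerHello")
    return int.from_bytes(hello[off:off + 2], "big")

def check(record):
    """Return (allowed, suite name or hex code) for a ServerHello record."""
    code = selected_suite(record)
    return code in ALLOWED, ALLOWED.get(code, f"0x{code:04X} (not in list)")

def build_hello(code, sid=b""):
    """Constructed sample input: a minimal ServerHello record."""
    hello = (b"\x03\x03" + bytes(32) + bytes([len(sid)]) + sid
             + code.to_bytes(2, "big") + b"\x00")
    handshake = b"\x02" + len(hello).to_bytes(3, "big") + hello
    return b"\x16\x03\x03" + len(handshake).to_bytes(2, "big") + handshake

if __name__ == "__main__":
    print(check(build_hello(0xC030)))                # suite from the list
    print(check(build_hello(0x009C, b"\x01" * 32)))  # TLS_RSA_WITH_AES_128_GCM_SHA256
```
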