Hello,
Under the old AOS-S you could set the encryption algorithms for the web server via "tls application <application> lowest-version <tls version> cipher <cipher>". But I can't find any options for this purpose in AOS-CX.
In certain environments, for example, the NIST curves are not desired and TLS 1.3 via x25519 is required. An NMAP scan returns the following configuration:
PORT    STATE SERVICE
443/tcp open  https
| ssl-enum-ciphers:
|   TLSv1.2:
|     ciphers:
|       TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (secp384r1) - A
|       TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (secp384r1) - A
|     compressors:
|       NULL
|     cipher preference: server
|_  least strength: A
The current TLS 1.3 does not appear to be supported at all.
With SSH you can customise it very well:
22/tcp  open  ssh
| ssh2-enum-algos:
|   kex_algorithms: (2)
|       curve25519-sha256
|       curve25519-sha256@libssh.org
|   server_host_key_algorithms: (1)
|       ssh-ed25519
|   encryption_algorithms: (1)
|       chacha20-poly1305@openssh.com
|   mac_algorithms: (1)
|       hmac-sha2-512-etm@openssh.com
|   compression_algorithms: (1)
|_      none
Does anyone here have more information?
Thank you
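
The policy check described in the post, as an added example that is not part of the original post: a Python parser for nmap ssl-enum-ciphers output that flags a missing TLSv1.3 section and any NIST curve in the key exchange. The function names and the curve-name pattern are assumptions, and the sample input is constructed from the scan lines quoted above.

```python
import re

# Constructed sample: the ssl-enum-ciphers lines quoted in the post.
SAMPLE = """\
443/tcp open  https
| ssl-enum-ciphers:
|   TLSv1.2:
|     ciphers:
|       TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (secp384r1) - A
|       TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (secp384r1) - A
|     compressors:
|       NULL
|     cipher preference: server
|_  least strength: A
"""

VERSION = re.compile(r"^(SSLv\d|TLSv\d\.\d):$")
CIPHER = re.compile(r"^(TLS_\S+)(?: \(([^)]+)\))? - ([A-F])$")
# Assumption: NIST curves appear under their SECG names (secp256r1, secp384r1, ...).
NIST_CURVE = re.compile(r"^(secp\d+r1|sect\d+[kr]1)$")

def parse_enum_ciphers(text):
    """Return {protocol version: [(cipher, key exchange detail, grade), ...]}."""
    suites, current = {}, None
    for raw in text.splitlines():
        line = raw.lstrip("|_ \t").rstrip()  # tolerate indented or flattened output
        m = VERSION.match(line)
        if m:
            current = m.group(1)
            suites[current] = []
            continue
        m = CIPHER.match(line)
        if m and current:
            suites[current].append(m.groups())
    return suites

def audit(text):
    """Policy from the post: TLS 1.3 must be offered, no NIST curves."""
    suites = parse_enum_ciphers(text)
    findings = [] if "TLSv1.3" in suites else ["TLSv1.3 not offered"]
    for version, entries in suites.items():
        for cipher, kex, _grade in entries:
            if kex and NIST_CURVE.match(kex):
                findings.append(f"{version} {cipher} uses NIST curve {kex}")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```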