AnsweredAssumed Answered

How to disable 443 on UVC Clearsea WAN eth?

Question asked by henrikr Partner on Sep 28, 2015
Latest reply on Mar 23, 2016 by brianericspinks

Hello,

 

A customer side security check of the current 3.1.0 UVC_Platform Clearsea WAN interface results in the vulnerability of the server.

Why:

  1. only a self sign cert is provided on tcp 443 / https
  2. this cert on 443 can´t be changed with an own public cert!!! only web-gui on tcp 8181 can

LSSupport: "Currently it is not possible to configure own SSL-certificates for tcp/443 ports (https:// ->ClientDownload, guestcall/usercall webinterface)

This option is only available for the admin interface (tcp/8181)"

  1. also a weak cert with a key length of 1024bit is used
  2. also a very weak sign algorithm is used: MD5
  3. RC4 cipher will be used, that stand for not secure anymore

 

Please reply, which points of this imputation you can confirm!

If so, then on several deployments I have to disable port tcp 443 on UVC Clearsea WAN interface, immediately.

 

But here comes the point:

How can I do this? (I think only with a pre-firewall)

and

If I do so - is UVC Clearsea Client provisioning for external users not available anymore?

 

Thank you!

Outcomes