Welcome to TP-LINK Tech Support Forum
  1. #1

    WebInterface Encryption SSL

    Hi there,

    I have purchased a T2600G-28TS Managed Switch.

    I want to enable SSL for the web interface. At this point enabling the web interface is considered as totally broken and insecure.

    For the protocol there is only SSLv3/TLSv1, which is basically the same protocol. At best this can be called outdated, if not a security risk. I am missing TLSv1.1 and TLSv2 and TLSv2+.
    For the cipher there is only RC4, DES and TripleDES with MD5 and SHA available. This has been considered totally broken for a decade or longer.

    RC4 is prohibited by the IETF for TLSv1, see RFC7465.
    DES was disallowed in 1999 and replaced by 3DES.
    NIST considers 3DES as low as 80 bits security key length.


    MD5 is insecure and has been known as cracked since 2004.
    SHA/SHA1 is also known as broken.

    Please remove all these borked ciphers, message digests and protocols and replace them with an up-to-date version.

    And replace them in the next firmware update with cipher strings containing:
    RSA, AES128, AES256, SHA256, SHA3xx, TLS1.1, TLS1.2, TLS1.2+, DHE, ECDHE, Chacha20, poly1305


    best regards


    tags: ssl, aes, des, 3des, md5, sha, sha1, tls, cipherstring, cipher, message digest, des, security, webinterface, webgui
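
The post's checklist can be applied to any list of offered protocols and suites. The following is an added example, not part of the original post and not TP-Link code: it parses IANA-style suite names and flags the primitives the post objects to. The sample lists are constructed to mirror the options the post describes, not captured from a switch, and the function names are hypothetical.

```python
import re

# Reasons are general facts about each primitive, not data from the device.
WEAK_PROTOCOLS = {"SSLv3": "deprecated by RFC 7568",
                  "TLSv1": "deprecated by RFC 8996"}
WEAK_CIPHERS = {"RC4": "prohibited in TLS by RFC 7465",
                "DES": "56-bit key",
                "3DES": "64-bit block, deprecated by NIST"}
WEAK_MACS = {"MD5": "MD5-based record MAC", "SHA": "SHA-1-based record MAC"}
AEAD_MARKERS = ("GCM", "POLY1305")  # CCM suites (no hash suffix) not handled
SUITE_RE = re.compile(r"^(?:TLS|SSL)_(?P<kex>.+?)_WITH_(?P<rest>.+)$")

def parse_suite(name):
    """Split an IANA-style suite name into (key exchange, cipher, mac).

    For AEAD suites the trailing hash is the PRF hash, not a record MAC,
    so mac is returned as None."""
    m = SUITE_RE.match(name)
    if not m:
        raise ValueError(f"not an IANA-style suite name: {name!r}")
    parts = m.group("rest").split("_")
    cipher, tail = "_".join(parts[:-1]), parts[-1]
    if any(marker in parts for marker in AEAD_MARKERS):
        return m.group("kex"), cipher, None
    return m.group("kex"), cipher, tail

def audit(protocols, suites):
    """Return {item: [findings]} for every weak protocol or suite offered."""
    report = {}
    for proto in protocols:
        if proto in WEAK_PROTOCOLS:
            report[proto] = [f"protocol {WEAK_PROTOCOLS[proto]}"]
    for suite in suites:
        _kex, cipher, mac = parse_suite(suite)
        algo = cipher.split("_")[0]  # e.g. "3DES" from "3DES_EDE_CBC"
        findings = []
        if algo in WEAK_CIPHERS:
            findings.append(f"cipher {algo}: {WEAK_CIPHERS[algo]}")
        if mac in WEAK_MACS:
            findings.append(f"mac {WEAK_MACS[mac]}")
        if findings:
            report[suite] = findings
    return report

# Constructed sample mirroring the options the post lists; not device output.
OFFERED_PROTOCOLS = ["SSLv3", "TLSv1"]
OFFERED_SUITES = ["SSL_RSA_WITH_RC4_128_MD5", "SSL_RSA_WITH_DES_CBC_SHA",
                  "SSL_RSA_WITH_3DES_EDE_CBC_SHA",
                  "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"]
```

Calling `audit(OFFERED_PROTOCOLS, OFFERED_SUITES)` flags both protocols and the three legacy suites, and leaves the ECDHE/AES-GCM suite unflagged.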

  2. #2
    R1D2 (Member, joined Dec 2015, 1,132 posts)
    You're right, but you should open a ticket to the TP-Link support rather than posting it in the user's forum. I doubt that TP-Link's engineering is reading here.

  3. #3
    Thx for the hint.

    I already did it and received a response.
    My suggestions have been forwarded and I'll receive an answer when there is one available.

  4. #4
    R1D2
    Great, thank you. Hopefully TP-Link will update this in the firmware for other switches like T1600G, too.

  5. #5
    Hopefully,

    to have _ONLY_ RC4/DES/3DES in a productive environment is not sloppy, this is negligent.

    In the consumer grade I'd say it's just a throw-away product, and should be re-flashed with OpenWRT as soon as possible to have a working state. But this is called _BUSINESS_.

    But what I really fear is that this is just the surface which can be seen and has a bad smell. How is the code/firmware underneath?

  6. #6
    R1D2
    AFAIK, OpenWRT does not actively support switches except the ones built into WiFi routers. But you can download the core source code for the T2600G here if you want to see for yourself what SW is running: http://static.tp-link.com/resources/...2.0_gpl.tar.gz. At least it is an embedded Linux system, not some crap from Redmond, which unfortunately is also regarded as business-class-type software by some people.



Copyright 1996-2017 TP-LINK Technologies Co., Ltd. All rights reserved.