Versionen im Vergleich

Alte Version 3

changes.mady.by.user LANCOM Redaktion

Gespeichert am

verglichen mit

Neue Version Aktuell

changes.mady.by.user LANCOM Redaktion

Gespeichert am

Schlüssel

  • Diese Zeile wurde hinzugefügt.
  • Diese Zeile wurde entfernt.
  • Formatierung wurde geändert.
Seiteneigenschaften



Description:
This document describes how to disable the use of the SSLv3 protocol on LANCOM devices.
After deactivating SSLv3, by default only the
protocol
protocol TLS remains active. The settings apply to both the HTTP server and the HTTP client in LCOS.
Information:
  • If you are operating configured LANCOM devices with LCOS firmware version 8.50 or later, to disable SSLv3 you have to upload the script file provided below into the LANCOM devices.
  • Since LCOS version 9.0 RU3 and also LCOS 8.84 RU4 (download), the SSLv3 protocol is disabled by default if a firmware update of LANCOM devices is performed on devices with the unconfigured factory settings.
    • If you are updating configured LANCOM devices to the LCOS 9.0 RU3 or LOCS 8.84 RU4 or later, to disable SSLv3 you have to upload the script file provided below into the LANCOM devices.
  • For information about the vulnerability in the SSLv3 protocol (also known as the POODLE hack), see the National Institute of Standards and Technology homepage under publication number CVE-2014-3566.



Requirements:
  • LCOS as of version 8.50
and later
LCMS
  • LANtools as of version 8.50
and later


Procedure:
For LCOS versions as of LCOS 10.30
1) Upload a script with LANconfig:
1.1)
Using LANconfig, upload the following script file to the LANCOM device (Configuration management
->
Restore script from file...).
View file
name
sslv3-tlsv1-deaktivate_as_of_10.30.lcsImage Removed
sslv3-tlsv1-deaktivate_as_of_10.30.lcs
height150

sslv3-tlsv1-deaktivate_as_of_10.30.lcsImage Added
For LCOS versions as of LCOS 9.20

1) Upload a script with LANconfig:
1.1)


Using LANconfig, upload the following script file to the LANCOM device (Configuration management
->
Restore script from file...).
sslv3-tlsv1-deaktivate_until_10.20.lcsImage Removed
View file
namesslv3-tlsv1-deaktivate_until_10.20.lcs
height150

For LCOS versions as of LCOS 9.0

1) Upload a script with LANconfig:
1.1)


Using LANconfig, upload the following script file to the LANCOM device (Configuration management
->
Restore script from file...).
set-tls-lcos900.lcsImage Removed
View file
nameset-tls-lcos900.lcs
height150

For LCOS versions 8.50 & 8.84

1) Upload a script with LANconfig:

1.1)


Using LANconfig, upload the following script file to the LANCOM device ( Configuration management -> Restore script from file...).

set-tls-lcos850-884.lcsImage Removed
View file
nameset-tls-lcos850-884.lcs
height150