Add TLS 1.3 support

Hello,
Now that TLS 1.3 is an official released standard can I request it go on the new features roadmap please.

https://datatracker.ietf.org/doc/rfc8446/history/

Thank you.
HCG


The engineering team is considering that.

Moving from one standard to another may not be a fast process, as it involves reviewing plenty of new changes. If possible, please share with us which components of your requirements need the system to run on TLS 1.3; the engineering team will consider the feasibility.


The option under PepVPN “Backward Compatibility” Restricted limits the connection to TLS 1.2. Could we add a further option for "more restricted" for TLS 1.3, with a warning note about how to set this up across a network of Peplink devices so as not to lock out access to devices during a switch to this new option? In particular, the downgrade protection TLS 1.3 adds.

For implementation order can I suggest:

  1. Remove usage of obsolete and insecure features from TLS 1.2, including the following:
    a. SHA-1
    b. RC4
    c. DES
    d. 3DES
    e. AES-CBC
    f. MD5
    g. Arbitrary Diffie-Hellman groups — CVE-2016-0701
    h. EXPORT-strength ciphers – Responsible for FREAK and Logjam
  2. Cryptographically sign the entire handshake and add RSA-PSS signatures. Likely to not work with self-signed certificates.
  3. Handshake protocol 1-RTT mode.

Of course this may interfere with any FIPS 140-2 certification standards.
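The two settings the post contrasts, a "Restricted" floor that only limits peers to TLS 1.2 and a stricter floor of TLS 1.3 that locks out any peer still capped at 1.2, as an added Go example that is not code from this thread or from Peplink's firmware. It uses only Go's standard crypto/tls and a self-signed certificate constructed inline so the handshakes run over loopback with no network; the names selfSignedCert, modernSuites and negotiate, the host name demo-peer, and the keyword filter for obsolete cipher suites are this example's own assumptions. It goes one step beyond the post's list by also showing how a TLS 1.2 fallback can be kept free of the CBC, 3DES, RC4 and MD5 suites from items 1a-1f while the fleet is still mixed.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"math/big"
	"strings"
	"time"
)

// selfSignedCert builds a throwaway ECDSA certificate (constructed for this
// demo) so the handshake runs offline; the client trusts it via its own pool.
func selfSignedCert() (tls.Certificate, *x509.CertPool, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		DNSNames:     []string{"demo-peer"}, // assumed host name for the demo
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(time.Hour),
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	leaf, err := x509.ParseCertificate(der)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	pool := x509.NewCertPool()
	pool.AddCert(leaf)
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key, Leaf: leaf}, pool, nil
}

// modernSuites is the TLS 1.2 allowlist for a still-mixed fleet: Go's own
// recommended suites minus CBC modes, 3DES, RC4 and MD5. TLS 1.3 suites are
// fixed by the library, so Config.CipherSuites cannot weaken a 1.3 session.
func modernSuites() []uint16 {
	var ids []uint16
	for _, s := range tls.CipherSuites() {
		n := s.Name
		if strings.Contains(n, "CBC") || strings.Contains(n, "3DES") ||
			strings.Contains(n, "RC4") || strings.Contains(n, "MD5") {
			continue
		}
		ids = append(ids, s.ID)
	}
	return ids
}

// negotiate runs one loopback handshake between a server whose floor is
// serverMin and a client whose ceiling is clientMax and returns the version
// actually negotiated. A TLS 1.3 floor against a TLS 1.2-only client is the
// "locked out" case: the handshake fails and an error comes back instead.
func negotiate(serverMin, clientMax uint16) (uint16, error) {
	cert, pool, err := selfSignedCert()
	if err != nil {
		return 0, err
	}
	srvConf := &tls.Config{Certificates: []tls.Certificate{cert}, MinVersion: serverMin, CipherSuites: modernSuites()}
	cliConf := &tls.Config{RootCAs: pool, ServerName: "demo-peer", MaxVersion: clientMax}
	ln, err := tls.Listen("tcp", "127.0.0.1:0", srvConf)
	if err != nil {
		return 0, err
	}
	defer ln.Close()
	srvErr := make(chan error, 1) // the server side's view of the handshake
	go func() {
		c, err := ln.Accept()
		if err != nil {
			srvErr <- err
			return
		}
		defer c.Close()
		srvErr <- c.(*tls.Conn).Handshake()
	}()
	cli, err := tls.Dial("tcp", ln.Addr().String(), cliConf) // Dial completes the handshake
	if err != nil {
		ln.Close() // unblock Accept if the TCP connect itself never happened
		<-srvErr
		return 0, err
	}
	defer cli.Close()
	if err := <-srvErr; err != nil {
		return 0, err
	}
	return cli.ConnectionState().Version, nil
}
```

Calling negotiate(tls.VersionTLS13, tls.VersionTLS13) yields tls.VersionTLS13, negotiate(tls.VersionTLS12, tls.VersionTLS12) yields tls.VersionTLS12 over the reduced suite list, and negotiate(tls.VersionTLS13, tls.VersionTLS12) returns an error, which is why a "more restricted" switch needs to be rolled out to every peer's ceiling before any hub's floor is raised.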

Hello,
Did this make it onto a feature update yet?
Thank you.
HCG

Hello,
While working on an HD4 FW 8.1.1 system I noticed there are now TLSv1.3 PepVPN/SpeedFusion connections through cellular WAN.
I know that TLSv1.2 was brought in as the default a while back. Maybe I missed it in a release note, but when did TLSv1.3 get introduced? See attached.

Thank you.
HCG


Hello,
Maybe I got this wrong.

In the log showing TLSv1.3, is it saying that the PepVPN is encrypted to 1.3, or is it saying that a call has come through the PepVPN using 1.3?

From other analysis I suspect that the data in this particular PepVPN channel is actually IC2 querying the router.
HCG