The option under PepVPN "Backward Compatibility" > Restricted limits the connection to TLS 1.2. Could we add a further option, "More Restricted", for TLS 1.3, with a warning note about how to set this up across a network of Peplink devices so as not to lock out access to devices during a switch to this new option? Of particular interest is the downgrade protection TLS 1.3 adds.
For implementation order, can I suggest:
- Remove usage of obsolete and insecure features from TLS 1.2, including the following:
   a. SHA-1
   b. RC4
   c. DES
   d. 3DES
   e. AES-CBC
   f. MD5
   g. Arbitrary Diffie-Hellman groups — CVE-2016-0701
   h. EXPORT-strength ciphers – responsible for FREAK and LogJam
- Cryptographically sign the entire handshake and add RSA-PSS signatures. Likely not to work with self-signed certificates.
- Handshake protocol 1-RTT mode.
Of course, this may interfere with any FIPS 140-2 certification standards.
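As an added illustration (not Peplink code, and not part of the original post), the script below shows what a "More Restricted" profile amounts to on an ordinary TLS stack: it audits OpenSSL-style cipher-suite names against the obsolete TLS 1.2 features listed above, builds a TLS 1.3-only client context with Python's `ssl` module, and recognises the downgrade-protection sentinel that RFC 8446 section 4.1.3 has a TLS 1.3 server write into its ServerHello.random when it is talked down to TLS 1.2 or lower. The mapping of cipher-name tokens to features follows OpenSSL naming conventions and is my assumption; the function names and sample cipher list are constructed for this example.

```python
"""Audit helpers for the TLS hardening steps discussed in the post (example code)."""
import re
import ssl
from typing import Dict, Iterable, List, Optional

# Each rule maps an obsolete TLS 1.2 feature from the post to a predicate over an
# OpenSSL cipher-suite name (assumption: OpenSSL naming conventions). TLS 1.3
# suites use underscores (TLS_AES_128_GCM_SHA256), so no hyphen-based rule matches them.
OBSOLETE_RULES = {
    "SHA-1":        lambda n: n.endswith("-SHA"),                 # HMAC-SHA1 as the MAC
    "RC4":          lambda n: "RC4" in n,
    "DES":          lambda n: "DES-CBC-" in n or n.endswith("DES-CBC"),  # single DES only
    "3DES":         lambda n: "3DES" in n or "DES-CBC3" in n,
    "AES-CBC":      lambda n: re.search(r"AES(128|256)-SHA(256|384)?$", n) is not None,
    "MD5":          lambda n: "MD5" in n,
    # TLS 1.2 lets the server send an arbitrary (possibly unsafe) DH group;
    # TLS 1.3 only allows named FFDHE groups.
    "Arbitrary DH": lambda n: n.startswith(("DHE-", "DH-", "EDH-", "ADH-", "EXP-EDH-", "EXP-ADH-")),
    "EXPORT":       lambda n: n.startswith("EXP-") or "EXPORT" in n,
}


def audit_cipher_names(names: Iterable[str]) -> Dict[str, List[str]]:
    """Return {cipher_name: [obsolete features it relies on]} for every flagged name."""
    findings: Dict[str, List[str]] = {}
    for name in names:
        hits = [feature for feature, rule in OBSOLETE_RULES.items() if rule(name)]
        if hits:
            findings[name] = hits
    return findings


def tls13_only_context() -> ssl.SSLContext:
    """The 'More Restricted' profile: TLS 1.3 and nothing older.

    Pinning the minimum version removes every TLS 1.2 suite from negotiation,
    so none of the features above can be selected at all.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_3
    ctx.maximum_version = ssl.TLSVersion.TLSv1_3
    return ctx


# RFC 8446 section 4.1.3: a TLS 1.3-capable server that ends up negotiating an
# older version writes one of these sentinels into the last 8 bytes of its random.
DOWNGRADE_SENTINELS = {
    bytes.fromhex("444F574E47524401"): "TLS 1.2",           # "DOWNGRD\x01"
    bytes.fromhex("444F574E47524400"): "TLS 1.1 or below",  # "DOWNGRD\x00"
}


def downgrade_sentinel(server_random: bytes) -> Optional[str]:
    """Return the version a TLS 1.3 server fell back to, or None if no sentinel is present.

    A client that offered TLS 1.3, was answered with TLS 1.2 and sees a sentinel
    knows the server does support 1.3, so the version was forced down in transit;
    RFC 8446 requires it to abort with an illegal_parameter alert.
    """
    if len(server_random) != 32:
        raise ValueError("ServerHello.random is exactly 32 bytes")
    return DOWNGRADE_SENTINELS.get(server_random[-8:])


if __name__ == "__main__":
    # Constructed sample: a mix of legacy TLS 1.2 suites and a TLS 1.3 suite.
    sample = [
        "ECDHE-RSA-AES128-GCM-SHA256", "ECDHE-RSA-AES128-SHA", "RC4-MD5",
        "EXP-EDH-RSA-DES-CBC-SHA", "DES-CBC3-SHA", "TLS_AES_128_GCM_SHA256",
    ]
    for name, features in audit_cipher_names(sample).items():
        print(f"{name}: relies on {', '.join(features)}")
    ctx = tls13_only_context()
    print("profile minimum version:", ctx.minimum_version.name)
    # Constructed ServerHello.random with a TLS 1.2 downgrade sentinel in its tail.
    print("sentinel:", downgrade_sentinel(bytes(24) + b"DOWNGRD\x01"))
```

Running it on the constructed list flags only the legacy suites; the GCM suite and the TLS 1.3 suite come back clean, which is the point of the profile: once the minimum version is 1.3, the audit has nothing left to report.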