SSL concerns


#1

Hi everyone,

I have some questions and concerns regarding the Peplink Balance product. I love the device and have deployed over 40 of these myself.

  1. Is there a way to install a public SSL certificate to replace the one used for management over HTTPS?

  2. While doing a vulnerability assessment against Peplink Balance firmware 5.4.9, we came across a vulnerability where port tcp/32015, which is used for SpeedFusion, is presenting a self-signed certificate that is different from the one presented over HTTPS management. The certificate presented over tcp/32015 has CN=Peplink, OU=Peplink, O=Peplink, L=Hong_Kong, ST=Hong_Kong, C=HK. Is there a way to replace this certificate with a publicly signed one?

  3. The SSL server on port tcp/32015 used for SpeedFusion also supports DES(56) as a supported cipher. Can this be disabled in a future release?

Thank you


#2

Hi, 1) is already supported in Firmware 6.1 which is going public next week.

We will come back with comments for the rest in the next few days. Thanks.


#3

Hello,

Both the VPN and Web management certificates are configurable in version 6.1. Item #3 is scheduled to be disabled in the next release.

Thanks,
-Jonan
-Peplink