Per the SSLv3 vulnerabilities that came out on 10/14:
There doesn’t seem to be a way to adjust the HTTPS cipher settings to turn off the SSLv3 protocol (Balance 210 6.1.2 build 2717).
Really surprised I wasn’t able to find any mention of this yet on the forums or I’m totally missing it. Pretty serious issue. If it’s being discussed elsewhere, please do redirect me. Otherwise… will Peplink be releasing a patch to either disable SSLv3 or allow their customers to adjust the cipher settings?
Yes. Time for an update guys. Close off SSL3. Also time to update the cert and signature on the installed cert to SHA-256. The only browser that will loose access is old and not updated XP with original IE6, which hardly matters.
However, I’m surprised to also see TLS 1.2 is on. So it seems the opportunity to really update the TLS that the inbuilt https server provides.
You can get a look at your peplink https / TLS behavior with this