What's new

Is the httpd service configurable?

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

SnakeByte

Regular Contributor
If possible, I'd like to:

Disable TLS 1.0 and 1.1 as well as restrict the cipher suite.
Disable Secure Client-Initiated Renegotiation

Enable:
OCSP stapling,
Strict Transport Security (HSTS),
Public Key Pinning (HPKP)

but I'll take what I can get. :)
 
If possible, I'd like to:

Disable TLS 1.0 and 1.1 as well as restrict the cipher suite.
Disable Secure Client-Initiated Renegotiation

Enable:
OCSP stapling,
Strict Transport Security (HSTS),
Public Key Pinning (HPKP)

but I'll take what I can get. :)

Nothing of that is configurable. It's not a generic web server, it's a proprietary one designed for small embedded devices. The SSL handling is done by the custom mssl library.
 
You could always use something like nginx or stunnel to create a reverse SSL proxy to expose the httpd server.
 
You could always use something like nginx or stunnel to create a reverse SSL proxy to expose the httpd server.

Or NOT expose the httpd, because it's not very hardened in itself, and has received numerous security fixes over the past months. Use a VPN tunnel if you need to remotely access the router's httpd.

I already hardened SSL as much as possible for it. If your browser supports TLS 1.2, then it will use it as well as ECDH ciphers.

But having the best ciphers in the world is meaningless if there are regularly security holes in the daemon you are accessing.
 
Similar threads

Similar threads

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top