Rino_B
Explorer III
May 26, 2025
Question

TLS Cipher Suite Hardening ACME Interface


Hi there,

We enhanced our SSL/TLS configuration with the config below, but this does not affect the ACME interface.

How can we (due to an audit) harden the ACME interface?


config system global
set admin-https-ssl-banned-cipher RSA DHE SHA1 SHA256 SHA384 ARIA
end

The ACME interface still supports the following ciphers:

TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 (dh 2048)
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (dh 2048)
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 (dh 2048)
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (secp256r1)
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (secp256r1)
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (secp256r1)
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (secp256r1)
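
An offline check of a scan result like the one above against the banned list, as an added example that is not part of the original post and not Fortinet code. The function names are hypothetical, and the meaning given to each token (RSA and DHE as key-exchange types, SHA1/SHA256/SHA384 as the HMAC digest of CBC suites only, ARIA as the bulk cipher) is an assumption of this example.

```python
import re

# Scan output as posted in the question (suite name, then key-exchange parameters).
SCAN = """\
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 (dh 2048)
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (dh 2048)
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 (dh 2048)
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (secp256r1)
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (secp256r1)
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (secp256r1)
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (secp256r1)
"""
# Banned tokens from the posted "config system global" block.
BANNED = {"RSA", "DHE", "SHA1", "SHA256", "SHA384", "ARIA"}

SUITE_RE = re.compile(
    r"^TLS_(?:(?P<kex>ECDHE|DHE)_)?(?P<auth>RSA|ECDSA|DSS)_WITH_"
    r"(?P<cipher>[A-Z0-9]+)_(?P<bits>\d+)_(?P<mode>CBC|GCM)_(?P<hash>SHA\d*)"
    r"(?:\s+\((?P<params>[^)]*)\))?$")

def parse_suite(line):
    """Split an IANA suite name into its parts; None if the shape is not handled."""
    m = SUITE_RE.match(line.strip())
    if not m:
        return None
    s = m.groupdict()
    s["kex"] = s["kex"] or "RSA"          # no kex token means static RSA key exchange
    s["hash"] = "SHA1" if s["hash"] == "SHA" else s["hash"]
    return s

def banned_hits(s, banned=BANNED):
    """Banned tokens a parsed suite matches (assumed token meanings, see lead-in)."""
    hits = set()
    if s["kex"] in banned:                # RSA / DHE name the key exchange, not the cert
        hits.add(s["kex"])
    if s["cipher"] in banned:             # bulk cipher family, e.g. ARIA
        hits.add(s["cipher"])
    if s["mode"] == "CBC" and s["hash"] in banned:  # HMAC digest; in GCM it is only the PRF
        hits.add(s["hash"])
    return hits

def audit(scan=SCAN):
    """Map each suite name to the sorted banned tokens it matches."""
    report = {}
    for line in filter(str.strip, scan.splitlines()):
        s = parse_suite(line)
        report[line.split()[0]] = sorted(banned_hits(s)) if s else ["UNPARSED"]
    return report

if __name__ == "__main__":
    for name, hits in audit().items():
        print("FLAG" if hits else "ok  ", name, ", ".join(hits))
```

Under that assumption, five of the seven listed suites match the banned list and only the two ECDHE-RSA GCM suites would remain.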

1 reply

Anthony_E
Staff
May 29, 2025

Hello Rino,


Thank you for using the Community Forum. I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.


Thanks,

Best Regards