Matthias Schulz
Member
Members
Forum Posts: 3
Member Since:
09/03/2024
09/03/2024
Offline
OPCUA 1.04 specifies TLS ciphersuites that are considered weak for various reasons.
For a security point of view such ciphersuites shall be avoided and replaced by one that is recommened for state-of-the art products.
Current mandatory ciphersuits:
https://reference.opcfoundatio.....cs/6.6.160
TLS_DHE_RSA with AES_nnn_CBC_SHA256
https://ciphersuite.info/cs/TL.....BC_SHA256/
https://reference.opcfoundatio.....cs/6.6.159
TLS_RSA with AES_256_CBC_SHA256
https://ciphersuite.info/cs/TL.....BC_SHA256/
Here is a list of recommended ciphersuites:
https://ciphersuite.info/cs/?s.....t=sec-desc
Additionally, mbedTLS is dropping support for such weak ciphersuites in future versions:
Randy Armstrong
Admin
Forum Posts: 1562
Member Since:
05/30/2017
05/30/2017
Offline
Please create a mantis issue on Part 7:
Forum Timezone: America/Phoenix
Most Users Ever Online: 510
Currently Online:
Guest(s) 29
Currently Browsing this Page:
1 Guest(s)
1 Guest(s)
Top Posters:
Forum Stats:
Groups: 2
Forums: 10
Topics: 1432
Posts: 4849