weak tls configuration - object storage
Hello,
I just checked Linode's TLS configuration with SSL Labs and I found that there are several issues.
<img alt="Image of b grade cert" src="https://user-images.githubusercontent.com/39703898/114743056-39eb7000-9d44-11eb-9a94-750a800d788c.png">
Are there any plans to improve on this or is this not considered a problem?
You can see the full report here.
1 Reply
The reason for the B grade is the use of TLS 1.0 and 1.1. I have an independently-audited, PCI compliant application that allows the use of weak ciphers, but still gets an A rating as it is TLS 1.2+ only.
I believe security is always a trade-off between security and compatibility - you can have the best security by only using the latest, strong protocols, but you potentially lose compatibility with older clients (software/devices).
For that reason, I can’t see Linode switching off TLS 1.0/1.1 on object storage … yet.
This would pose an issue if you are using Object Storage to store payment card-related data, as this has to be in a TLS 1.2+ only environment. It all depends on your use-case and risk assessment of the environment and technology you’re using in your solution.
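To check for yourself whether an endpoint still negotiates TLS 1.0/1.1 (the cause of the B grade discussed above) and whether it meets the TLS 1.2+ requirement, here is an added probe script; it is not from either poster or from Linode, and it assumes you pass your own endpoint hostname on the command line.

```python
import socket
import ssl
import sys

# Versions to probe, oldest first. TLS 1.0 and 1.1 are the ones that cap the
# SSL Labs grade and that a TLS 1.2+ only environment must not accept.
PROBE_VERSIONS = {
    "TLSv1.0": ssl.TLSVersion.TLSv1,
    "TLSv1.1": ssl.TLSVersion.TLSv1_1,
    "TLSv1.2": ssl.TLSVersion.TLSv1_2,
    "TLSv1.3": ssl.TLSVersion.TLSv1_3,
}
WEAK = {"TLSv1.0", "TLSv1.1"}


def context_pinned_to(version):
    """Client context that will negotiate exactly one protocol version."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False      # we are testing protocol support here,
    ctx.verify_mode = ssl.CERT_NONE  # not the certificate chain
    ctx.minimum_version = version
    ctx.maximum_version = version
    try:
        # OpenSSL's default security level refuses TLS 1.0/1.1 on the client
        # side; lower it so a refusal reflects the server's policy, not ours.
        ctx.set_ciphers("DEFAULT@SECLEVEL=0")
    except ssl.SSLError:
        pass  # LibreSSL/older builds: keep the library default
    return ctx


def probe(host, port=443, timeout=5):
    """Return {version_name: accepted?} for each version the server negotiates."""
    results = {}
    for name, version in PROBE_VERSIONS.items():
        try:
            with socket.create_connection((host, port), timeout=timeout) as sock:
                ctx = context_pinned_to(version)
                with ctx.wrap_socket(sock, server_hostname=host):
                    results[name] = True  # handshake completed at this version
        except (ssl.SSLError, OSError, ValueError):
            results[name] = False  # server (or local library) refused it
    return results


def assess(results):
    """Summarise a probe result: which weak versions are on, TLS 1.2+ only or not."""
    weak_on = sorted(v for v in WEAK if results.get(v))
    modern_on = [v for v in results if v not in WEAK and results[v]]
    return {"weak_protocols": weak_on, "tls12_plus_only": not weak_on and bool(modern_on)}


if __name__ == "__main__":
    target = sys.argv[1]  # e.g. your bucket's endpoint hostname
    found = probe(target)
    print(target, found, assess(found))
```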