Product Bulletin: Support for TLSv1.1 and TLSv1.2 on WebGUI
Category : Security
Today, we proudly annonce an update to ScopTEL PBX to support TLSv1.1 and TLSv1.2 in WebGUI when using SSL encryption in order to secure communication on the Management interface.
Since the release of TLSv1, many changes have happened to both the development of TLS and the known attacks against the cryptographic protocol. TLSv1.1 and TLSv1.2 were both released in the mid to late 2000s which fixed many problems seen in TLSv1 but, unfortunately, adoption was meager at best. This left the door open to many attacks against the protocols in use (namely SSLv3 and TLSv1) including BEAST, CRIME, various cipher renegotiation and rollback attacks, and attacks on the RC4 encryption cipher.
In order to use new encryption protocols, you simply need to go on Server -> Packages Manager and click on Update Now.
If you want to update from SSH, you can type :
scopserv_yum update httpd scopserv-server