Hi. I’ve experimented with the SSL termination feature which works fine.
The problem is there’s no way to configure security - what cipher suites and protocols to accept. I just ran a check from ssllabs.com and got a grade F. The culprits:
This server supports 512-bit export suites and might be vulnerable to the FREAK attack. Grade set to F.
This server is vulnerable to the POODLE attack. If possible, disable SSL 3 to mitigate. Grade capped to C.
This server is vulnerable to the OpenSSL CCS vulnerability (CVE-2014-0224) and exploitable. Grade set to F.
This server accepts the RC4 cipher, which is weak. Grade capped to B.
It supports SSLv3, which is insecure, and a number of weak cipher suites.
Any plans on adding configuration options for this?
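
The configuration-related findings above, as an added example that is not part of the original post or of the product's own code: a Python `ssl` context with the protocol floor and cipher string a TLS terminator would need to expose, plus an audit that maps offered protocols and OpenSSL-style cipher names to the report lines. The function names and the sample scan values are constructed for illustration; CVE-2014-0224 is an OpenSSL library bug fixed by upgrading the library, so no setting here covers it.

```python
import ssl

# Constructed sample of what a scanner might list for the failing server.
SCAN_PROTOCOLS = ["SSLv3", "TLSv1", "TLSv1.2"]
SCAN_CIPHERS = ["EXP-RC4-MD5", "RC4-SHA", "ECDHE-RSA-AES128-GCM-SHA256"]


def audit(protocols, ciphers):
    """Map offered protocols and ciphers to the findings quoted in the post.

    Cipher names use OpenSSL naming, where export suites start with "EXP-".
    """
    findings = set()
    if "SSLv3" in protocols:
        findings.add("SSLv3 enabled (POODLE)")
    if any(c.startswith("EXP-") for c in ciphers):
        findings.add("export suites (FREAK)")
    if any("RC4" in c for c in ciphers):
        findings.add("RC4 accepted")
    return findings


def hardened_server_context():
    """Hypothetical server-side settings a TLS terminator could expose."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # rules out SSLv3, TLS 1.0/1.1
    # Forward-secret AEAD suites only; RC4 and export suites explicitly barred.
    ctx.set_ciphers("ECDHE+AESGCM:ECDHE+CHACHA20:!aNULL:!RC4:!EXPORT")
    return ctx


def audit_context(ctx):
    """Run the same audit against what an SSLContext would actually offer."""
    # Conservative: a floor below TLS 1.0 is treated as allowing SSLv3.
    protocols = ["SSLv3"] if ctx.minimum_version < ssl.TLSVersion.TLSv1 else []
    return audit(protocols, [c["name"] for c in ctx.get_ciphers()])


if __name__ == "__main__":
    print("scanned server :", sorted(audit(SCAN_PROTOCOLS, SCAN_CIPHERS)))
    print("hardened context:", sorted(audit_context(hardened_server_context())))
```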