Is the httpd service configurable?
- Thread starter SnakeByte
- Start date
RMerlin
Asuswrt-Merlin dev
If possible, I'd like to:
Disable TLS 1.0 and 1.1 as well as restrict the cipher suite.
Disable Secure Client-Initiated Renegotiation
Enable:
OCSP stapling,
Strict Transport Security (HSTS),
Public Key Pinning (HPKP)
but I'll take what I can get.
Nothing of that is configurable. It's not a generic web server, it's a proprietary one designed for small embedded devices. The SSL handling is done by the custom mssl library.
lancethepants
Regular Contributor
You could always use something like nginx or stunnel to create a reverse SSL proxy to expose the httpd server.
RMerlin
Asuswrt-Merlin dev
Or NOT expose the httpd, because it's not very hardened in itself, and has received numerous security fixes over the past months. Use a VPN tunnel if you need to remotely access the router's httpd.
I already hardened SSL as much as possible for it. If your browser supports TLS 1.2, then it will use it as well as ECDH ciphers.
But having the best ciphers in the world is meaningless if there are regularly security holes in the daemon you are accessing.
Similar threads
Similar threads
| Thread starter | Title | Forum | Replies | Date |
|---|---|---|---|---|
|
Adding APIs to httpd | Asuswrt-Merlin | 2 | |
| G | Merlin 386.11 - httpd daemon memory bloat | Asuswrt-Merlin | 1 | |
| M | Empty service state string. Bug? | Asuswrt-Merlin | 4 | |
| E | ASUS RT-AC5300 not going well on new Full Fibre Service | Asuswrt-Merlin | 5 |
Similar threads
-
-
-
-
ASUS RT-AC5300 not going well on new Full Fibre Service
- Started by EtheAv8r
- Replies: 5
Latest threads
-
Hyperotpic router replacement - will it solve my problem with connection dropping!
- Started by ACME NoLiFe
- Replies: 2
-
-
-
LAN > DHCP List - Manually Assigned Name + Icon DONT SAVE
- Started by copperhead
- Replies: 4
-
Sign Up For SNBForums Daily Digest
Get an update of what's new every day delivered to your mailbox. Sign up here!