LANCOM Support Knowledgebase Dokument-Nr. 1901.3008.5510.RHOO - V1.80

Using current crypto algorithms in the default SSL settings of LANCOM devices



Information:

As of LCOS version 10.20, the crypto algorithms used in the default SSL settings in LCOS have been adapted to the current guidelines from the BSI (German Federal Office for Information Security), TR-02102-2.

This document describes how to use these crypto algorithms according to the configuration state of your device.



1) Your device is in its factory settings and with LCOS version 10.20 REL or later:
  • In this case, the current crypto algorithms are already configured with the default SSL settings. You do not have to take any additional steps.



2) Your device is in its factory settings and with an LCOS version 10.12 or older:

2.1) Perform a firmware update to LCOS version 10.20 or later (download current version).

2.2) Then reset the device to its factory settings (also see Database 'SP Knowledgebase', View '03. Edit Documents\All Documents', Document 'How do I reset the LANCOM to its factory settings?').

2.3) Following the factory reset, the crypto algorithms are active with the default SSL settings.



3) You have a configured device using default global SSL settings and with an LCOS version 10.12 or older:

3.1) Update the LCOS firmware on your device to version LCOS 10.20 RU1 or later (download current version).

3.2) After updating the firmware, start an SSH session on your device (e.g. with PuTTY).

3.3) With the command ssldefaults you can reset the default SSL settings globally. Further information is available in the following Knowledge Base document Database 'SP Knowledgebase', View '03. Edit Documents\All Documents', Document 'LCOS version 10.20 RU1 or later: Resetting SSL settings to their default values'.


3.4 Following a reset, the default SSL settings are configured as shown below (e.g. the path /Setup/HTTP/SSL):

© LANCOM Systems GmbH