New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Warn and Prompt User When Connecting to AMT Over Insecure TLS or Weak Cipher Suites #445

Open

graikhel-intel opened this issue Nov 19, 2024 · 0 comments

Contributor

graikhel-intel commented Nov 19, 2024

SAFE Requirement:

Console must identify when a connection to AMT is using an insecure TLS version or weak cipher suite and display a warning to the user on the UI.
Users should be presented with the option to proceed with or reject the connection, ensuring they are aware of the potential security risks.

Ideas:

Add a config property in Console where users can restrict TLS version and Ciphers
Show a warning to user in the UI when connecting to legacy versions of AMT that use weak Ciphers or <TLS v1.1
Display an insecure icon on the Console UI to remind them they are connecting using insecure protocol/cipher

graikhel-intel added this to Sprint Planning

graikhel-intel converted this from a draft issue

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment