Robotics StackExchange | Archived questions

Rosbridge / Websocket (Melodic) -> How can I disable TLS 1.0 and 1.1?

Hello,

Unfortunately, TLS version 1.0 and 1.1 is activated on our Rosbridge / Websocket port 9090. We connect via Google Chrome with TLS version 1.3 and with Internet Explorer with version 1.2, but a vulnerability scan revealed TLS version 1.0 at port 9090 and that is a problem.

We use Ubuntu 18.04 and ROS Melodic. Start the Rosbridge / Websocket with a ROS Launchfile and give the arguments SSL True and Cert- and Keyfiles at the start. Unfortunately I can't find any arguments for the TLS version.

How can I deactivate TLS versions 1.0 and 1.1 on Rosbridge / Websocket?

Greetings Bernde

Asked by BerndeDGF on 2021-05-09 13:46:45 UTC

Comments

afaik, rosbridge uses Autobahn for its websocket infrastructure. You may want to see whether Autobahn provides any knobs to tune.

Asked by gvdhoorn on 2021-05-10 01:49:50 UTC

I have now asked Python Autobahn, but have not yet received an answer. Does any of you know where the Python Autobahn files are or where I can find them in Ubuntu 18.04? Can these be found somewhere in the ROS structures or in the Python structures?

Asked by BerndeDGF on 2021-05-19 13:45:47 UTC

Afaik Autobahn is a system dependency, not a ROS package.

So this would be the default location for Python packages on your system.

Asked by gvdhoorn on 2021-05-19 15:21:07 UTC

Answers