Rosbridge / Websocket (Melodic) -> How can I disable TLS 1.0 and 1.1?
Hello,
Unfortunately, TLS version 1.0 and 1.1 is activated on our Rosbridge / Websocket port 9090. We connect via Google Chrome with TLS version 1.3 and with Internet Explorer with version 1.2, but a vulnerability scan revealed TLS version 1.0 at port 9090 and that is a problem.
We use Ubuntu 18.04 and ROS Melodic. Start the Rosbridge / Websocket with a ROS Launchfile and give the arguments SSL True and Cert- and Keyfiles at the start. Unfortunately I can't find any arguments for the TLS version.
How can I deactivate TLS versions 1.0 and 1.1 on Rosbridge / Websocket?
Greetings Bernde
Asked by BerndeDGF on 2021-05-09 13:46:45 UTC
Comments
afaik,
rosbridge
uses Autobahn for its websocket infrastructure. You may want to see whether Autobahn provides any knobs to tune.Asked by gvdhoorn on 2021-05-10 01:49:50 UTC
I have now asked Python Autobahn, but have not yet received an answer. Does any of you know where the Python Autobahn files are or where I can find them in Ubuntu 18.04? Can these be found somewhere in the ROS structures or in the Python structures?
Asked by BerndeDGF on 2021-05-19 13:45:47 UTC
Afaik Autobahn is a system dependency, not a ROS package.
So this would be the default location for Python packages on your system.
Asked by gvdhoorn on 2021-05-19 15:21:07 UTC