Rosbridge / Websocket (Melodic) -> How can I disable TLS 1.0 and 1.1?

asked 2021-05-09 13:46:45 -0500

BerndeDGF gravatar image


Unfortunately, TLS version 1.0 and 1.1 is activated on our Rosbridge / Websocket port 9090. We connect via Google Chrome with TLS version 1.3 and with Internet Explorer with version 1.2, but a vulnerability scan revealed TLS version 1.0 at port 9090 and that is a problem.

We use Ubuntu 18.04 and ROS Melodic. Start the Rosbridge / Websocket with a ROS Launchfile and give the arguments SSL True and Cert- and Keyfiles at the start. Unfortunately I can't find any arguments for the TLS version.

How can I deactivate TLS versions 1.0 and 1.1 on Rosbridge / Websocket?

Greetings Bernde

edit retag flag offensive close merge delete


afaik, rosbridge uses Autobahn for its websocket infrastructure. You may want to see whether Autobahn provides any knobs to tune.

gvdhoorn gravatar image gvdhoorn  ( 2021-05-10 01:49:50 -0500 )edit

I have now asked Python Autobahn, but have not yet received an answer. Does any of you know where the Python Autobahn files are or where I can find them in Ubuntu 18.04? Can these be found somewhere in the ROS structures or in the Python structures?

BerndeDGF gravatar image BerndeDGF  ( 2021-05-19 13:45:47 -0500 )edit

Afaik Autobahn is a system dependency, not a ROS package.

So this would be the default location for Python packages on your system.

gvdhoorn gravatar image gvdhoorn  ( 2021-05-19 15:21:07 -0500 )edit