Difference between revisions of "Vt32-HTTP"
(→Technical) |
|||
| Line 95: | Line 95: | ||
*CVE-2021-3449 OpenSSL Maliciously Crafted Renegotiation Vulnerability | *CVE-2021-3449 OpenSSL Maliciously Crafted Renegotiation Vulnerability | ||
| − | Supported Cyphers per protocol | + | Supported Cyphers per protocol ³ |
*TLSv1.2 | *TLSv1.2 | ||
**TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA | **TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA | ||
| Line 128: | Line 128: | ||
| − | ²: Tested on reference platform, may vary by used security patches and frameworks | + | ² ³: Tested on reference platform, may vary by used security patches and frameworks |
SNI is not supported. | SNI is not supported. | ||
Revision as of 04:24, 9 March 2023
| Integrated Vitw-32 | |
|---|---|
|
| |
| Developer | Netroda Technologies |
| Type | Application Library |
| Initial Release | 2017 |
| Signature | VitWIN-Http
|
| Platform | Extensible Services / Server for Interaction |
Integrated Vitw-32 Vt32-HTTP is the main Web Server assembly used by various products of the ES/S-i Family. Products include SignMatic and more. Vt32-HTTP also provides the universal remote frontend authentication bearer (URFAB) that is used to authorize users and systems againts a ES/S-Compatible product.
Overview
Integrated Vitw-32 HTTP Server (Vithttpd-Windows-32) is a minimalistic, robust and memory-effective HTTP(S) Server for the ES/S-i platform. Despite it's name might suggest, the service runs on all release platforms including x86-64.
The main features include
- Core-integrated CORS
- Asynchronous request processing
- cache optimizations
- Sessions
- Session Management
- Automated Blacklisting
- MPEG/MJPEG/H264+ Streaming (HLS)
- TLS, with own certificates
- Mime-handlers
- HTTP GET/POST
- WebSocket
Technical
To fulfill the requirements for public web services (Procuts may expose their services to the Internet), only TLS (HTTPS) connections can be established from outer networks by default (depends on product).
The HTTPS Web Server supports
- TLSv1.1
- TLSv1.2
- TLSv1.3
- Diffie-Hellman (DHE) Size 2048 bits
- Elliptic Curves
- P-384 (secp384r1) (384 bits)
- P-256 (prime256v1) (256 bits)
- X25519 (253 bits)
Additionally, the implementations have been proven to be immune against the most common TLS vulnerabilities ²
- POODLE over TLS
- GOLDENDOODLE
- Zombie POODLE
- Sleeping POODLE
- 0-Length OpenSSL
- client-initiated insecure renegotiation.
- ROBOT
- Heartbleed
- CVE-2016-2107
- CVE-2014-0224 CCS Injection.
- CVE-2021-3449 OpenSSL Maliciously Crafted Renegotiation Vulnerability
Supported Cyphers per protocol ³
- TLSv1.2
- TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
- TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
- TLS_RSA_WITH_AES_256_CBC_SHA
- TLS_RSA_WITH_AES_128_CBC_SHA
- TLS_RSA_WITH_3DES_EDE_CBC_SHA
- TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
- TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
- TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
- TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
- TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
- TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
- TLS_RSA_WITH_AES_256_GCM_SHA384
- TLS_RSA_WITH_AES_128_GCM_SHA256
- TLS_RSA_WITH_AES_256_CBC_SHA256
- TLS_RSA_WITH_AES_128_CBC_SHA256
- TLSv1.1
- TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
- TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
- TLS_RSA_WITH_AES_256_CBC_SHA
- TLS_RSA_WITH_AES_128_CBC_SHA
- TLS_RSA_WITH_3DES_EDE_CBC_SHA
- TLSv1.0
- TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
- TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
- TLS_RSA_WITH_AES_256_CBC_SHA
- TLS_RSA_WITH_AES_128_CBC_SHA
- TLS_RSA_WITH_3DES_EDE_CBC_SHA
² ³: Tested on reference platform, may vary by used security patches and frameworks
SNI is not supported.
