Difference between revisions of "Vt32-HTTP"

 
(14 intermediate revisions by the same user not shown)
Line 38: Line 38:
 
<td>2017
 
<td>2017
 
</td></tr>
 
</td></tr>
 
+
<tr>
 +
<td style="width: 130px;vertical-align: top;">'''Signature'''
 +
</td>
 +
<td><code>VitWIN-Http</code>
 +
</td></tr>
 
<tr>
 
<tr>
 
<td style="width: 130px;vertical-align: top;">'''Platform'''</td>
 
<td style="width: 130px;vertical-align: top;">'''Platform'''</td>
Line 46: Line 50:
 
</table>
 
</table>
  
''' Integrated Vitw-32 Vt32-HTTP''' is the main Web Server assembly used by various products of the ES/S-i Family. Products include [[SignMatic]] and more.
+
''' Integrated Vitw-32 Vt32-HTTP''' is the main Web Server assembly used by various products of the ES/S-i Family. Products include [[SignMatic]] and more. Vt32-HTTP also provides the universal remote frontend authentication bearer (URFAB) that is used to authorize users and systems againts a ES/S-Compatible product.
  
 
== Overview ==
 
== Overview ==
Integrated Vitw-32 HTTP Server (Vithttpd-Windows-32) is a minimalistic, robust and memory-effective HTTP(S) Server for the ES/S-i platform. Features include  
+
Integrated Vitw-32 HTTP Server (Vithttpd-Windows-32) is a minimalistic, robust and memory-effective HTTP(S) Server for the ES/S-i platform. Despite it's name might suggest, the service runs on all release platforms including x86-64.
 +
 
 +
The main features include  
  
*Core-integrated CORS  
+
*Core-integrated CORS
 +
*Asynchronous request processing
 +
*cache optimizations
 
*Sessions
 
*Sessions
 
*Session Management  
 
*Session Management  
Line 66: Line 74:
  
 
The HTTPS Web Server supports  
 
The HTTPS Web Server supports  
 +
*TLSv1.0 <sup>3</sup>
 
*TLSv1.1  
 
*TLSv1.1  
 
*TLSv1.2
 
*TLSv1.2
*TLSv1.3
+
*TLSv1.3 <sup>4</sup>
 
*Diffie-Hellman (DHE) Size 2048 bits  
 
*Diffie-Hellman (DHE) Size 2048 bits  
 
*Elliptic Curves
 
*Elliptic Curves
Line 74: Line 83:
 
**P-256 (prime256v1) (256 bits)  
 
**P-256 (prime256v1) (256 bits)  
 
**X25519 (253 bits)
 
**X25519 (253 bits)
Additionally, the implementations have been proven to be immune against the most common TLS vulnerabilities ²
+
Additionally, the implementations have been proven to be immune against the most common TLS vulnerabilities <sup>1</sup>
 
*POODLE over TLS
 
*POODLE over TLS
 
*GOLDENDOODLE
 
*GOLDENDOODLE
Line 87: Line 96:
 
*CVE-2021-3449 OpenSSL Maliciously Crafted Renegotiation Vulnerability
 
*CVE-2021-3449 OpenSSL Maliciously Crafted Renegotiation Vulnerability
  
²: Tested on reference platform, may vary by used security patches and frameworks
+
Supported Cyphers per protocol <sup>2</sup>
 +
*TLSv1.2
 +
**TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
 +
**TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
 +
**TLS_RSA_WITH_AES_256_CBC_SHA
 +
**TLS_RSA_WITH_AES_128_CBC_SHA
 +
**TLS_RSA_WITH_3DES_EDE_CBC_SHA
 +
**TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
 +
**TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
 +
**TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
 +
**TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
 +
**TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
 +
**TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
 +
**TLS_RSA_WITH_AES_256_GCM_SHA384
 +
**TLS_RSA_WITH_AES_128_GCM_SHA256
 +
**TLS_RSA_WITH_AES_256_CBC_SHA256
 +
**TLS_RSA_WITH_AES_128_CBC_SHA256
 +
 
 +
*TLSv1.1
 +
**TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
 +
**TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
 +
**TLS_RSA_WITH_AES_256_CBC_SHA
 +
**TLS_RSA_WITH_AES_128_CBC_SHA
 +
**TLS_RSA_WITH_3DES_EDE_CBC_SHA
 +
 
 +
*TLSv1.0
 +
**TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
 +
**TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
 +
**TLS_RSA_WITH_AES_256_CBC_SHA
 +
**TLS_RSA_WITH_AES_128_CBC_SHA
 +
**TLS_RSA_WITH_3DES_EDE_CBC_SHA
 +
 
 +
 
 +
<sup>1,2</sup>: tested on reference platform, may vary by used security patches and frameworks
 +
 
 +
<sup>3</sup> : might be disabled for security reasons
 +
 
 +
<sup>4</sup> : not available on all assemblies
 +
 
  
 +
SNI is not supported.
 +
Vt32-HTTP periodically performs integrity checks and clearinghouse tasks, this is particularly noticeable as session-indpendent logout to the users.
  
 
== See also ==
 
== See also ==

Latest revision as of 04:30, 9 March 2023

Integrated Vitw-32


No image

Developer Netroda Technologies
Type Application Library
Initial Release 2017
Signature VitWIN-Http
Platform Extensible Services / Server for Interaction

Integrated Vitw-32 Vt32-HTTP is the main Web Server assembly used by various products of the ES/S-i Family. Products include SignMatic and more. Vt32-HTTP also provides the universal remote frontend authentication bearer (URFAB) that is used to authorize users and systems againts a ES/S-Compatible product.

Overview

Integrated Vitw-32 HTTP Server (Vithttpd-Windows-32) is a minimalistic, robust and memory-effective HTTP(S) Server for the ES/S-i platform. Despite it's name might suggest, the service runs on all release platforms including x86-64.

The main features include

  • Core-integrated CORS
  • Asynchronous request processing
  • cache optimizations
  • Sessions
  • Session Management
  • Automated Blacklisting
  • MPEG/MJPEG/H264+ Streaming (HLS)
  • TLS, with own certificates
  • Mime-handlers
  • HTTP GET/POST
  • WebSocket

Technical

To fulfill the requirements for public web services (Procuts may expose their services to the Internet), only TLS (HTTPS) connections can be established from outer networks by default (depends on product).

The HTTPS Web Server supports

  • TLSv1.0 3
  • TLSv1.1
  • TLSv1.2
  • TLSv1.3 4
  • Diffie-Hellman (DHE) Size 2048 bits
  • Elliptic Curves
    • P-384 (secp384r1) (384 bits)
    • P-256 (prime256v1) (256 bits)
    • X25519 (253 bits)

Additionally, the implementations have been proven to be immune against the most common TLS vulnerabilities 1

  • POODLE over TLS
  • GOLDENDOODLE
  • Zombie POODLE
  • Sleeping POODLE
  • 0-Length OpenSSL
  • client-initiated insecure renegotiation.
  • ROBOT
  • Heartbleed
  • CVE-2016-2107
  • CVE-2014-0224 CCS Injection.
  • CVE-2021-3449 OpenSSL Maliciously Crafted Renegotiation Vulnerability

Supported Cyphers per protocol 2

  • TLSv1.2
    • TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
    • TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
    • TLS_RSA_WITH_AES_256_CBC_SHA
    • TLS_RSA_WITH_AES_128_CBC_SHA
    • TLS_RSA_WITH_3DES_EDE_CBC_SHA
    • TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
    • TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
    • TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
    • TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
    • TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
    • TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
    • TLS_RSA_WITH_AES_256_GCM_SHA384
    • TLS_RSA_WITH_AES_128_GCM_SHA256
    • TLS_RSA_WITH_AES_256_CBC_SHA256
    • TLS_RSA_WITH_AES_128_CBC_SHA256
  • TLSv1.1
    • TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
    • TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
    • TLS_RSA_WITH_AES_256_CBC_SHA
    • TLS_RSA_WITH_AES_128_CBC_SHA
    • TLS_RSA_WITH_3DES_EDE_CBC_SHA
  • TLSv1.0
    • TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
    • TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
    • TLS_RSA_WITH_AES_256_CBC_SHA
    • TLS_RSA_WITH_AES_128_CBC_SHA
    • TLS_RSA_WITH_3DES_EDE_CBC_SHA


1,2: tested on reference platform, may vary by used security patches and frameworks

3 : might be disabled for security reasons

4 : not available on all assemblies


SNI is not supported. Vt32-HTTP periodically performs integrity checks and clearinghouse tasks, this is particularly noticeable as session-indpendent logout to the users.

See also