Some of my browsers that have restrictions for stronger cipher suites and protocols are unable to connect to the console for the SRX240H2 service gateway. That leads me to concerns about the SSL/TLS libraries and the version. Could someone explain to me why there are weak DH 1024 cipher suites, and no PFS cipher suites? Are the libraries up to date with the current version of the Junos OS installed, 12.3X48-D85? The self-signed certificate is currently issued using a NIST-unapproved hashing algorithm as well.
Thank you for the response. The question is more about what SSL libraries are in use and what version they are at. Some of the ciphers in the list are acceptable but could be configured as you have stated in the config... if it is supported. But my concern is more about what version they are at and what potential security issues may exist as a result of the versioning.
OpenSSL 1.0.2s is now available, including bug fixes
OpenSSL 1.0.2r is now available, including bug and security fixes
But of the SSH libraries:
OpenSSH 8.X recently became available and the 6 major branch has long since been deprecated. Any idea on how to bring that to the right person's attention? I am not eligible for a support maintenance agreement because I purchased my SRX SG from a reseller 😞
While the focus in the 12.3 code would be more on the bug fixes related to JUNOS, I doubt if the SSH version would change. But I cannot confirm the same. If you have access to a Juniper Partner / Accounts team, they can get this information for you.