Cloud C2 TLS and Cipher Suites

[AndyR]

Hi,

I have just created a VPS with Cloud C2 and by following your video instruction it was extremely easy. Thanks for the detailed information and making the software so easy to install and set up HTTPS. I have my Pineapple MKVII, Packet Squirrel MKII and LAN Turtle connected and working. I am have a challenge with my original Packet Squirrel but  am still working on that. Not being too familiar with VPSs or HTTPS from an implementation perspective I was surprised how quickly I could get it up and running securely.

I do have a question: I ran my Web URL against Qualys SSL Server Test and it states that TLS v1.0 and v1.1 are supporeted and the there are some non ECDHE ciphers in use that are weak. I looked through all the documentation and found nothing on that topic. Therefore I assume the config in the executable would need to be updated to selves those issues. Is that a good assumption? If so do you have plans to update the server config?

Thanks

Andy

[dark_pyrro]

You probably have to direct that question to official support

[AndyR]

@dark_pyrro oops. that is what I thought I was doing, but I will figure out where I do that.

Thanks

[dark_pyrro]

The Discord server and this forum is just community, not official support

Here's the link to contact official support

https://hak5.customerdesk.io/

[AndyR]

@dark_pyrro Thanks, I already went there but because it is a C2 Community edition there is no way to ask the question. Not a big deal, but thanks for the help anyway.

[Riggs]

I think these values are hardcoded to the binary itself. You could set up a reverse-proxy server in front of the C2 service and then configure the server acting as a reverse-proxy to only allow updated protocols and cipher suites. I've just done this myself for my nginx reverse-proxy sitting in front of my C2 service and everything seems to be working fine.

Before:

 

After:

[AndyR]

@Riggs thanks for the tip, I will try that.