Hi all,
Just wondering if its possible to harden the Mikrotik on its various SSL/TLS services?
I see SSTP you can force tlsv1.2, AES and PFS. (although when testing using SSLLabs - “This server does not support Forward Secrecy”)
IP>Services>www-ssl - tests show it offers RC4, TLSv1.0, TLSv1.1 which I would like to disable. (it also seems like www-ssl supports ECC certificates which is great).
I haven’t checked api-ssl but I think it would be similar to the www-ssl?
Any suggestions or news on this front?