On This Page

Security Improvements

TOS implements the following essential security best practices.

SSL Configurations for HTTP Access

Disabled Configurations

SSL v3 protocol in SSL configuration
TLS v1.0 and TLS v1.1 protocols
SHA-1 ciphers in SSL ciphers configuration
CBC padding in SSL ciphers configuration
AES128 SSL configuration

Supported Configurations

TLS v1.2 and TLS v1.3 protocols
Only strong (HIGH) ciphers allowed in SSL ciphers configuration

Improved Security on HTTP Responses

Resolved ETag Inode information leakage vulnerability
Added HTTP header X-Content-Type-Options: nosniff to all responses
Added HTTP header Strict-Transport-Security to all responses
Added HTTP header X-XSS-Protection "1; mode=block" to all responses
Added HTTP header X-Frame-Options SAMEORIGIN to all responses

Supported HTTP Methods

Supported HTTP methods are: GET, POST, PUT, PATCH and DELETE. For security reasons, the OPTION HTTP method is not supported.



Was this helpful?

Thank you!

We’d love your feedback

We really appreciate your feedback

Send Feedback in email

Send this page to a colleague