SSG 4 Patch #13 – Enhanced walled garden support for HTTPS domains

Grace NacesRelease Notes, SSG 4 Release Notes

This patch adds the following:

  • Enhanced walled garden support for HTTPS domains without having to specify their IP addresses, especially for those served by content delivery networks
    • Note: pre-update ‘HTTPS Domains’ settings will now be under the ‘Proxy Domains’ tab
  • Enhanced web security, addressing security weaknesses:
    • CVE-2015-1993 (Sensitive Cookie in HTTPS Session Without ‘Secure’ Attribute)
    • CVE-2015-4000 (Man-in-the-middle attack to downgrade vulnerable TLS connections to 512-bit export-grade cryptography, aka Logjam)
  • Enhanced database security
  • Enhanced security with additional system hardening
  • Upgrades for improved efficiency:
    • Packet-marking system module
    • High Availability (HA) network interface component
  • Gateway’s default SSL certificate expiry extended to April 7, 2021

This patch fixes the following issues where:

  • HA traffic gets very high when there are many downstream users
  • DHCP NAK carries wrong source IP

Upon successful patching, the system will automatically reboot.

SSG4 Bulk 3 Patch 13
File Name: 13.SSG400_base-sys-bulk03-20181115-01.pkg
File Size: 25375648 bytes
MD5 Checksum: 746e5b79cb942856fdb8296f5f6cf68a
Release Date: 2019-04-23 10:00 SGT