SSG 4 Patch #13 – Enhanced walled garden support for HTTPS domains
This patch adds the following:
- Enhanced walled garden support for HTTPS domains without having to specify their IP addresses, especially for those served by content delivery networks
- Note: pre-update ‘HTTPS Domains’ settings will now be under the ‘Proxy Domains’ tab
- Enhanced web security, addressing security weaknesses:
- CVE-2015-1993 (Sensitive Cookie in HTTPS Session Without ‘Secure’ Attribute)
- CVE-2015-4000 (Man-in-the-middle attack to downgrade vulnerable TLS connections to 512-bit export-grade cryptography, aka Logjam)
- Enhanced database security
- Enhanced security with additional system hardening
- Upgrades for improved efficiency:
- Packet-marking system module
- High Availability (HA) network interface component
- Gateway’s default SSL certificate expiry extended to April 7, 2021
This patch fixes the following issues where:
- HA traffic gets very high when there are many downstream users
- DHCP NAK carries wrong source IP
Upon successful patching, the system will automatically reboot.
SSG4 Bulk 3 Patch 13
File Name: 13.SSG400_base-sys-bulk03-20181115-01.pkg
File Size: 25375648 bytes
MD5 Checksum: 746e5b79cb942856fdb8296f5f6cf68a
Release Date: 2019-04-23 10:00 SGT