cancel
Showing results for 
Search instead for 
Did you mean: 

Unleashed Web Server Proposal: Remove 1024-bit RSA keys, use 2048-bit by default, and add 4096-bit

BobaEnjoyer
New Contributor II

Unleashed:  200.14.6.1.179 (April 2023)

Ruckus-Unleashed-Certificate-Advanced-Options.png

 

In Admin & Services --> Administration --> Certificate --> Advanced Options, we see options for the Unleashed web server.  Although this is "just" Unleashed which is usually an internal web server in SMB and home environments, I still think it's important to follow industry best practices.  I believe that 1024-bit RSA has been deprecated many years ago; I've seen various articles that talked about retiring it in 2009, 2013, 2015, etc.

I propose completely removing 1024-bit and making 2048-bit private keys the new minimum default.  But also adding a new option for 4096-bit.  It doesn't really hurt anything, in my experience.

There's also a few grammatical errors in the English version of Unleashed (sorry!) that would look better if fixed.

In case my screenshot is too small:

"Re-generate a new private key of a specific key length. This function is only needed when your certificate vendor only accepts 2048 key length instead of 1024 key length. Warning: The Unleashed will be rebooted after re-generating a new private key."

* get rid of "The" Unleashed in the last sentence.  Also the middle sentence will no longer be necessary with the new 2048-bit default so maybe delete it.

"Import a trusted CA to Unleashed. When Unleashed received receives a server's certificate, Unleashed it will match the server's CA against the Unleashed's list of trusted CAs. If there is not match, Unleashed will send an error."

should be "Import a trusted CA to Unleashed.  When Unleashed receives a server's certificate, it will match the server's CA against Unleashed's list of trusted CAs.  If there is no match, Unleashed will send an error.

Thank you for your consideration.  I appreciate the hard work of the internal team in making Unleashed a great product for SMB and advanced home users.  I hope it sticks around for many, many more generations of AP and ICX products.

3 REPLIES 3

syamantakomer
Community Admin
Community Admin

Hello @BobaEnjoyer,

Thank you for taking time to test out Unleashed and sharing your feedback for the improvements.

Your feedback has been shared with the product team, but implementation of any suggestion is subject to decision made by RUCKUS Networks product teams.

On behalf of RUCKUS Networks, we thank you for your contribution to the community and loving our products!


Syamantak Omer
Sr.Staff TSE | CWNA | CCNA | RCWA | RASZA | RICXI
RUCKUS Networks, CommScope!
Follow me on LinkedIn

sanjay_kumar
RUCKUS Team Member

Hello @BobaEnjoyer,

Thank you for taking time to test out Unleashed and sharing your feedback for the improvements.
Let me discuss with the team and will keep you posted if there is any update.

sanjay_kumar
RUCKUS Team Member

Hi @BobaEnjoyer 

For the RSA key, we will be adding 3072 bit length for now and we are also keeping the 1024 bit length to support base version. This will be fixed in 200.15 version.

And we will also correct the grammatical mistakes in the upcoming release.