TWSD-1387 - Requirement of SLB WebUI should be opened on TLS v 1.3

Review Request #1228 — Created Dec. 12, 2025 and submitted Dec. 12, 2025, 4:30 p.m. — Latest diff uploaded Dec. 12, 2025, 3:31 p.m.

Information
Owner:	shuinvy
Repository:	APV10
Branch:	rel_apv_10_7
Bugs:	TWSD-1387
Depends On:
Reviewers
Groups:
People:	mingji, peteryeh, weikai

Description

Add TLSv1.3 to webui SSL ciphersuites and protocols

Testing Done

The ticket link:

https://arraynetworks.atlassian.net/browse/TWSD-1387
I added TLSv1.3 to the CLI:

webui ssl settings ciphersuites

and

webui ssl settings protocol

However,

we should upgrade our lighttpd to let our WebUI server take the effect.

so I comment the options in the WebUI.
The C code changes will influence the result of configuration of lighttpd file:

usr\click\webui\conf\lighttpd.conf

the path in the device is:

/var/run/new_webui.conf
If you use the CLI, then you can add TLSv1.3 feature to the configuration.

For example:

ssl.cipher-list = "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-GCM-SHA384:TLS-AES256-GCM-SHA384:TLS-AES128-GCM-SHA256"

And

ssl.openssl.ssl-conf-cmd = ("Protocol" => "-ALL,TLSv1.3")

You have a pending review.

Review Board 5.0.5

TWSD-1387 - Requirement of SLB WebUI should be opened on TLS v 1.3