Hi,
I was wondering if it is needed the SHA-256 algorithm to generate a certificate request for node-red or if another algorithm could be used.
Thanks!!
Hi,
I was wondering if it is needed the SHA-256 algorithm to generate a certificate request for node-red or if another algorithm could be used.
Thanks!!
You will need to check out what node.js's https library supports I think?
Some algorithms have been deprecated over the last few years due to vulnerabilities and the increased power of systems that can brute-force them.
Thanks for your response!! The problem is that I cannot find any information about why should we choose the sha-256 algorithm instead of another one. Also, I don't know what different options could we have.
A couple of reference links for you to help you decide
SSL/TLS Best Practices for 2021 - SSL.com
Using Transport Layer Security to protect data - NCSC.GOV.UK
I should also note that I generally don't bother too much about the TLS configuration in Node-RED since I'll use a reverse proxy to do the TLS termination for anything serious. I only have it turned on in Node-RED to stop my browser whinging about "insecure" sites when I connect directly.
For external access, I also prefer to only allow that via Cloudflare into the proxy. Cloudflare is able to provide a further level of protection and adds some basic DDOS protection.
This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.