Release Notes: R&S®Web Application Firewall – 6.5.2

Rohde & Schwarz Cybersecurity is proud to announce the release of R&S®Web Application Firewall – 6.5.2. Available in two editions, Business and Enterprise, it will meet your development needs, your technical environment and your security policy. By taking into account deployment mode, type and number of applications, environmental complexity, and regulatory and industry standards, you can choose the most appropriate edition to provide the most appropriate security measures for your organization. A state-of-the-art platform for securing Web applications, Web services and APIs, R&S®Web Application Firewall is the essential security solution for all types of organizations, public authorities and large companies.

1 Major enhancements

1.1 Licenses

R&S®Web Application Firewall – two editions to meet different needs

Since the release of 6.5.2, R&S®Web Application Firewall is available in two different versions or ‘Editions’, Business and Enterprise, to address different use cases with the right capabilities.

Business Edition is the entry-level solution, run on less powerful appliances/virtual machines with limited core security functionalities (Generic patterns-ICX, Heuristics via Scoring List and API Security based on JSON / XML).

Enterprise Edition is essentially ‘Business Edition’ with extra features that advanced and enterprise users are likely to want to take advantage of: complementary security engines, available with Advanced Security, and Extended API Security to protect API-based custom applications & Machine-to-Machine communications. The Comprehensive Analytics & Reporting and Web Access Manager optional modules are only available with Enterprise Edition. IP Reputation is an optional service available with both Editions.

It is not possible to deploy different editions in the same environment. For more information, see the Licenses page.

2 Minor enhancements

2.1 rWeb Migration

The scope of features migrated from rWeb to R&S®Web Application Firewall has been increased. The following configurations from rWeb are now migrated:

  • NTP,
  • Syslog destination,
  • SMTP destination,
  • Application monitoring.

For more details about which features are automatically migrated, see the page Migration status from rWeb.

2.2 SSL Cipher profiles

The view of SSL Cipher profiles has been improved to provide better cipher management. Ciphers can now be simply filtered by name.

Further enhancements will follow in upcoming versions.

2.3 Components upgrade

  • Elasticsearch and Kibana from 5.6.10 to 5.6.14
  • Node.js from 8.9 to 8.15
  • Kernel from 3.10.0-862.14.4.el7.x86_64 to 3.10.0-957.1.3.el7.x86_64
  • rsyslog from 8.37.0-1.el7.x86_64 to 8.40.0-1.el7.x86_64

3 Behavior changes

3.1 Monitoring frequency

The monitoring frequency has been decreased to every 1 minute instead of every 15 seconds.

3.2 OpenSSL version migration

We’ve decided not to build our own OpenSSL and to use the one from the CentOS system instead. This allows us to have the same SSL behavior for each component (Apache, Curl, Backend Monitor, etc.). As a result, some ciphers and elliptic curves are deprecated.

3.2.1 SRP SSL ciphers removed

Secure Remote Password ciphers are not handled by the WAF anymore. ‘SRP-*’ ciphers have been marked as “not supported” in SSL cipher profiles. They have to be removed from the ‘Selected Ciphers’ list before applying tunnels.

Here is the list of unsupported ciphers since the 6.5.2 version:

  • SRP-DSS-AES-256-CBC-SHA
  • SRP-RSA-AES-256-CBC-SHA
  • SRP-AES-256-CBC-SHA
  • SRP-DSS-AES-128-CBC-SHA
  • SRP-RSA-AES-128-CBC-SHA
  • SRP-AES-128-CBC-SHA
  • SRP-DSS-3DES-EDE-CBC-SHA
  • SRP-RSA-3DES-EDE-CBC-SHA
  • SRP-3DES-EDE-CBC-SHA

For more information about ciphers, see the SSL Cipher Profiles page.

3.2.2 SSL Elliptic Curve

The list of Elliptic Curves that we handle has changed. We now support the following curves:

  • secp256k1 : SECG curve over a 256 bit prime field
  • secp384r1 : NIST/SECG curve over a 384 bit prime field
  • secp521r1 : NIST/SECG curve over a 521 bit prime field
  • prime256v1: X9.62/SECG curve over a 256 bit prime field
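A pre-upgrade check for the two changes in sections 3.2.1 and 3.2.2, added here as an example and not part of the vendor's tooling: it flags ‘SRP-*’ entries in each profile's selected ciphers and any curve outside the supported list, and warns when a profile would be left with no cipher at all. The profile layout (`name`, `selected_ciphers`, `curves`) and the sample data are assumptions; adapt them to however you export your configuration.

```python
from fnmatch import fnmatchcase

# Section 3.2.1: every 'SRP-*' cipher is unsupported as of 6.5.2.
UNSUPPORTED_CIPHER_GLOB = "SRP-*"
# Section 3.2.2: the curves listed as supported.
SUPPORTED_CURVES = ("secp256k1", "secp384r1", "secp521r1", "prime256v1")


def split_names(value):
    """Accept a list, or an OpenSSL-style string separated by ':', ',' or spaces."""
    if isinstance(value, str):
        value = value.replace(":", " ").replace(",", " ").split()
    return [v.strip() for v in value if v and v.strip()]


def audit_profile(profile):
    """Return what must change in one profile before tunnels are applied."""
    ciphers = split_names(profile.get("selected_ciphers", []))
    curves = split_names(profile.get("curves", []))
    remove = [c for c in ciphers if fnmatchcase(c.upper(), UNSUPPORTED_CIPHER_GLOB)]
    keep = [c for c in ciphers if c not in remove]
    known = {c.lower() for c in SUPPORTED_CURVES}
    return {
        "profile": profile.get("name", "<unnamed>"),
        "remove_ciphers": remove,
        "remaining_ciphers": keep,
        "unlisted_curves": [c for c in curves if c.lower() not in known],
        # A profile that selected only SRP suites would be left with nothing.
        "empty_after_cleanup": bool(ciphers) and not keep,
    }


def audit(profiles):
    """Audit all profiles and return only those that need attention."""
    results = [audit_profile(p) for p in profiles]
    return [r for r in results if r["remove_ciphers"] or r["unlisted_curves"]]


# Constructed sample input (hypothetical layout), not exported from an appliance.
SAMPLE_PROFILES = [
    {"name": "default", "curves": ["prime256v1"],
     "selected_ciphers": "ECDHE-RSA-AES256-GCM-SHA384:SRP-RSA-AES-256-CBC-SHA:AES128-SHA"},
    {"name": "legacy-srp", "curves": "secp384r1,sect571r1",
     "selected_ciphers": ["SRP-AES-128-CBC-SHA", "srp-3des-ede-cbc-sha"]},
    {"name": "clean", "curves": ["secp521r1"],
     "selected_ciphers": ["ECDHE-RSA-AES128-GCM-SHA256"]},
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_PROFILES):
        print(finding)
```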

4 Bug fixes

Download our Release Notes for more information

5 Known Issues

Download our Release Notes for more information

 

Amaury le Roux - Marketing Assistant