Druva Documentation

inSync Master Server 5.9.8 does not support Forward Secrecy

This article applies to:

  • OS: All supported operating systems
  • Product edition: inSync On-Premise

Problem description

Forward secrecy (also called perfect forward secrecy) is a protocol feature that enables secure conversations that do not depend on the private key of the server. With cipher suites that do not provide forward secrecy, someone who can recover a server’s private key can decrypt all the encrypted conversations recorded earlier. inSync must support and prefer ECDHE suites to enable forward secrecy with modern web browsers. To support a wider range of clients, DHE suites must be used as a fallback after ECDHE.

For more information and error description, see: https://www.ssllabs.com/ssltest/analyze.html?d=ebk.quest-global.com
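
The ordering requirement described above (ECDHE preferred, DHE as fallback) can be checked against a server's cipher list as a scanner reports it. The following is an added example, not Druva code; the function names and the sample suite list are assumptions constructed for illustration.

```python
import re

# Lower rank = more preferred, following the article: ECDHE first, DHE as the
# fallback, and everything else treated as offering no forward secrecy.
RANK = {"TLS1.3": 0, "ECDHE": 0, "DHE": 1, "NONE": 2}

def key_exchange(suite):
    """Classify an OpenSSL- or IANA-style suite name by its key exchange."""
    s = suite.upper().replace("_", "-")
    if s.startswith("TLS-") and "-WITH-" not in s and not s.endswith("-SCSV"):
        return "TLS1.3"  # TLS 1.3 names carry no key exchange; full handshakes are ephemeral
    s = re.sub(r"^TLS-", "", s)
    if s.startswith("ECDHE-"):
        return "ECDHE"
    if s.startswith(("DHE-", "EDH-")):  # EDH- is OpenSSL's older spelling of DHE
        return "DHE"
    return "NONE"  # RSA key transport, static DH/ECDH, and anything unrecognised

def audit(preference_order):
    """Audit suites given in the server's preference order (most preferred first)."""
    ranks = [RANK[key_exchange(s)] for s in preference_order]
    fs_idx = [i for i, r in enumerate(ranks) if r < 2]
    ec_idx = [i for i, r in enumerate(ranks) if r == 0]
    last_fs = fs_idx[-1] if fs_idx else 0
    last_ec = ec_idx[-1] if ec_idx else 0
    return {
        "forward_secrecy_offered": bool(fs_idx),
        # Non-FS suites ranked above an FS suite win for clients that support both.
        "non_fs_preferred": [s for s, r in zip(preference_order[:last_fs], ranks) if r == 2],
        "dhe_before_ecdhe": [s for s, r in zip(preference_order[:last_ec], ranks) if r == 1],
    }

def recommended_order(suites):
    """Stable re-sort: ECDHE, then DHE, then the remaining suites."""
    return sorted(suites, key=lambda s: RANK[key_exchange(s)])

# Constructed sample list, not taken from any real scan.
SAMPLE = ["AES256-SHA", "DHE-RSA-AES256-SHA",
          "ECDHE-RSA-AES256-GCM-SHA384", "TLS_RSA_WITH_AES_128_CBC_SHA"]

if __name__ == "__main__":
    print(audit(SAMPLE))
    print(recommended_order(SAMPLE))
```
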

Resolution

At this time the product is working as designed. Druva recognizes that this is an identified vulnerability that requires attention and is working to address this in future releases of the product. At this time this has been identified and is addressed in the 5.9.9 release.