Dear all,
I hope you’re all doing well in these special times!
I have a quite simple question, I guess, and a very rookie one, too.
Right now I am running the IPFire 2.23 (x86_64) - Core Update 139. I wanted to upgrade to the current version and wanted to make a clean installation on my second device.
I am using a static gateway on RED, so I saw the (at least for me) “new” setting in the setup where I am just setting the gateway itself and not the DNS servers. In the Wiki I found the entry that I have to enter it myself in the WebUI in Network/Domain Name System. The screenshot in the Wiki shows that the entry of the IP address (obviously) and the entry of the TLS hostname are obligatory, but in the WebUI of the IPFire core 145 the TLS hostname is not (any more?).
So my question: Is it still required to add the TLS hostname? If not, are there any disadvantages to not doing so?
I am really asking mainly for my personal interest ^^
For security reasons, please keep your IPFire machines up to date. Core Update 139 was released on January 9th, 2020, and you do not want to run a firewall on this security level.
Is it still required to add the TLS hostname?
As @anon33261557 already mentioned: Yes. Otherwise you would do something like opportunistic TLS against unverified servers, thus being vulnerable to MITM attacks.
edit: Shameful following question - just to make sure: The TLS hostname is the same that is displayed in the rDNS tab in my current firewall? So e.g.: .name1.name2-name3.de? (without the leading “.” - just made it here to create no link)
It should match in most cases but not always. The rDNS is the answer from DNS if you reverse resolve the IP. The TLS hostname is the name that is used in the TLS handshake with the server. The rDNS is often set by the ISP and the admin cannot easily change this.
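The difference between a verified and an opportunistic DNS-over-TLS connection, and why an rDNS name is not automatically a usable TLS hostname, as an added example that is not part of any post in this thread and is not IPFire's own code. The certificate names, the rDNS name and the function names are constructed for illustration.

```python
import ssl

# Constructed sample data: DNS names from a resolver certificate's
# subjectAltName, and the PTR (rDNS) name an ISP assigned to the resolver's IP.
SAN_DNS_NAMES = ["dns.resolver.example", "*.dot.resolver.example"]
RDNS_NAME = "host-203-0-113-53.isp.example"

def san_matches(hostname, san):
    """RFC 6125-style match: '*' only as the entire leftmost label,
    covering exactly one label; comparison is case-insensitive."""
    host = hostname.rstrip(".").lower().split(".")
    pat = san.rstrip(".").lower().split(".")
    if len(host) != len(pat) or "" in host:
        return False
    if pat[0] == "*" and len(pat) > 2:
        return host[1:] == pat[1:]
    return host == pat

def cert_valid_for(hostname, san_dns_names):
    """True if the certificate would pass hostname verification for this name."""
    return any(san_matches(hostname, s) for s in san_dns_names)

def dot_context(tls_hostname):
    """Model of the two modes discussed in the thread (an assumption, not
    IPFire code): strict if a TLS hostname is set, opportunistic if not."""
    if tls_hostname:
        # Chain is validated and the name is checked against the certificate.
        return ssl.create_default_context()
    # Opportunistic: traffic is encrypted, but any certificate is accepted,
    # so an on-path attacker can present its own and read or alter queries.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    return ctx

if __name__ == "__main__":
    for name in ("dns.resolver.example", RDNS_NAME):
        print(name, "->", cert_valid_for(name, SAN_DNS_NAMES))
```

The name to enter as TLS hostname is the one the resolver operator publishes for its certificate; the rDNS name only works if the certificate happens to list it.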