50 Function Description
WAGO I/O System Compact
751-9301 Compact Controller 100
Manual
Version 1.1.0, valid from FW Version 03.08.07(20)
5.1.2.2 Web Protocols for WBM Access
The HTTP and HTTPS web protocols can be used to access the WBM pages for
the controller. HTTPS is preferred because it uses the SSL/TLS protocol. The
SSL/TLS protocol ensures secure communication through encryption and
authentication
The default setting for the controller allows strong encryption, but uses only
simple authentication methods. As authentication for any secure communication
channel plays a central role, it is strongly recommended that you use secure
authentication. The security certificate saved on the controller is the basis for
authentication. The default location for the security certificate is:
/etc/lighttpd/https-cert.pem
As delivered, the controller uses a generic security certificate based on x509. To
allow secure authentication, you must replace the generic security certificate with
a security certificate specific for the individual device.
5.1.2.2.1 TLS Encryption
When an HTTPS connection is established, the Web browser and Webserver
negotiate what TLS version and what cryptographic method are to be used.
The “TLS Configuration” group of the WBM page “Security” can be used to switch
the cryptographic methods allowed for HTTPS and the TLS versions that can be
used.
The settings “Strong” and “Standard” are possible.
If “Strong” is set, the Webserver only allows TLS Version 1.2 and strong
algorithms.
Older software and older operating systems may not support TLS 1.2 and
encryption algorithms.
If “Standard” is set, TLS 1.0, TLS 1.1 and TLS 1.2 are allowed, as well as
cryptographic methods that are no longer considered secure.
BSI Technical Guidelines TR-02102
The rules for the “Strong” setting are based on technical guidelines TR-02102 of
the German Federal Office for Information Security.
You can find the guidelines on the Internet at:
“Publications” > “Technical Guidelines.”