Hi All,
Is there a way to specify which ciphers are allowed on the Duplicati web server?
I’ve set it up on a Debian host on my network, ticked off the box to ‘Allow remote access’, then enabled https with a self-signed cert by creating one and putting the following in /usr/lib/systemd/duplicati.service:
ExecStart=/usr/bin/duplicati-server --webservice-sslcertificatefile=/etc/ssl/certs/duplicati.p12 $DAEMON_OPTS
When I scanned the host with a vulnerability scanner, it’s telling me that the thing is allowing the vulnerable SWEET32 cipher. I see the spot in the advanced options drop-down to allow only TLS 1.2 or 1.1, but I don’t see a spot to specify the ciphers.
I’m not allowing access from outside my LAN so it’s not a huge deal but I’m curious if there’s a way to do it.
Thanks in advance.
kev.
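
One way to confirm the scanner finding and re-check it after any change, as an added example that is not part of the original post or Duplicati's code: it parses cipher-enumeration output in the layout of nmap's `ssl-enum-ciphers` script and lists, per TLS version, the suites built on 64-bit block ciphers (the SWEET32 class). The sample scan text is constructed for illustration and is not a scan of a Duplicati server; the function names are hypothetical.

```python
import re

# Substrings that identify 64-bit block ciphers in IANA suite names.
# SWEET32 applies to all of them; 3DES is the one still commonly enabled.
BLOCK64_MARKERS = ("3DES_EDE", "_DES_CBC", "DES40", "IDEA", "RC2")

# Constructed sample in the layout of nmap's ssl-enum-ciphers output.
SAMPLE_SCAN = """\
| ssl-enum-ciphers:
|   TLSv1.1:
|     ciphers:
|       TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 2048) - C
|       TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
|   TLSv1.2:
|     ciphers:
|       TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA (secp256r1) - C
|       TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (secp256r1) - A
|       TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (secp256r1) - A
|     compressors:
|       NULL
|_  least strength: C
"""

PROTO_RE = re.compile(r"^\|[ _]+((?:SSLv|TLSv)[\d.]+):\s*$")
SUITE_RE = re.compile(r"^\|[ _]+(TLS_[A-Z0-9_]+)\b")

def is_block64(suite):
    """True if the suite name uses a 64-bit block cipher."""
    return any(marker in suite for marker in BLOCK64_MARKERS)

def sweet32_suites(scan_text):
    """Return {protocol: [64-bit block cipher suites]} for every protocol listed."""
    result, proto = {}, None
    for line in scan_text.splitlines():
        m = PROTO_RE.match(line)
        if m:
            proto = m.group(1)
            result[proto] = []
            continue
        m = SUITE_RE.match(line)
        if m and proto and is_block64(m.group(1)):
            result[proto].append(m.group(1))
    return result

def remediated(scan_text):
    """True only if at least one protocol was scanned and none offers such a suite."""
    findings = sweet32_suites(scan_text)
    return bool(findings) and not any(findings.values())
```

In the constructed sample the TLS 1.2 section still lists a 3DES suite, which is why a per-version breakdown is worth checking after restricting the protocol version alone.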