Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

Security Options

Start getting familiar with Juniper Mist™ security features.

Use the information in this chapter to configure your firewall, select security options for your organization, control access to the Juniper Mist portal, and monitor logins. Also explore additional resources about the security features of the Juniper Mist cloud, data privacy at Juniper, and setting up security in your wireless, wired, or WAN configuration.

End Support for Cipher Suites Using Cipher Block Chaining (CBC)

Juniper Mist has ended support of cipher suites using the Cipher Block Chaining (CBC). These cipher suites are known to be susceptible to attacks such as padding oracle attack, which can lead to data leaks and other security issues. This change affects the systems and software that rely on the following cipher suites to interact with Juniper Mist API and Mist Dashboard:

  • ECDHE-ECDSA-AES128-SHA256
  • ECDHE-RSA-AES128-SHA256
  • ECDHE-ECDSA-AES256-SHA384
  • ECDHE-RSA-AES256-SHA384

The following ciphers are supported for TLS 1.2+ protocols (Server Preferred Order):

  • ECDHE-ECDSA-AES128-GCM-SHA256
  • ECDHE-RSA-AES128-GCM-SHA256
  • ECDHE-ECDSA-AES256-GCM-SHA384
  • ECDHE-RSA-AES256-GCM-SHA384

More Information

A cipher suite is a cryptographic algorithm set to secure network communications. CBC is a mode of operation for block ciphers commonly used in Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols. Therefore, modern security standards recommend using more secure cipher suites, such as Galois/Counter Mode (GCM).