Today we are publishing update version 22.214.171.124 for the Sophos Web Appliance. This is a fairly small update that covers a couple of security-related issues.
The most significant change removes some old, weak cipher suites from the Web Appliance's administrative UI, which ends support for Microsoft Internet Explorer 8.0 and earlier when using that UI. We had kept these cipher suites enabled for compatibility reasons even though we added newer, stronger ciphers and TLS protocol versions. Customers using modern, secure browsers would have used these stronger ciphers. However, we heard from a number of our customers that the presence of support for older ciphers was causing issues with compliance audits for some data security standards.
This update also includes a further change, after v4.3.2, that allows us to complete our switch to using HTTPS for product updates. This change was covered in my previous post.
As always, more information can be found by reading the release notes.