6 votes
mattm commented
I too have a requirement to be able to pass Client Authentication Certificates from users outside the LAN to Webservers hosted through Web Server Protection.
Presently it seems Sophos simply ignores Client Certificates.
This is being implemented in v17 as a UI configurable option.
Note though, that PCI standards enforcing this requirement do not go into effect until mid-2018. Any audit failures due to crypto strength, prior to then, are premature.
mattm commented
The granular control of cipher suites and encryption protocols is a growing need as automated scanning and compliance become more prevalent.
I'm fine with not having a web UI that allows complete configuration so long as there's comprehensive online documentation about how to perform configuration from the CLI.
We’re considering this