about tls/ssl vulnerability of softethervpn

Post your questions about SoftEther VPN software here. Please answer questions if you can afford.
Post Reply
kavayinei
Posts: 2
Joined: Tue Nov 06, 2018 11:16 am

about tls/ssl vulnerability of softethervpn

Post by kavayinei » Tue Nov 06, 2018 11:32 am

when i use a vulnerability scan tool to scan my vpn server which i deployed it with Softether-vpnserver v4.28-9669.
the scan result come out with a vulnerability.
i want to know how to fix it.
the detail information i post below.
The SSL/Tls protocol is widely used encryption protocol.The Bar Mitzvah attack actually exploits the "invariant vulnerablity",which is a flaw in the RC4 algorithm. which can leak ssl/tls encrypted traffic in some cases. the ciphertext,which leaks account username password,credit card data and other sensitive information to hakers.

thisjun
Posts: 2458
Joined: Mon Feb 24, 2014 11:03 am

Re: about tls/ssl vulnerability of softethervpn

Post by thisjun » Thu Nov 15, 2018 9:00 am

Please use another cipher.
You can change the cipher in 'Encryption and Network' on Server Manager.
Still, the server accepts RC4, but it is not used for VPN communication.

Post Reply