Which cipher suites are accepted by TLSv1.2?

u1ukbek
Posts: 3
Joined: Mon May 27, 2019 7:33 am

Which cipher suites are accepted by TLSv1.2?

Post by u1ukbek » Wed Jul 10, 2019 6:13 am

Dear all,

Please confirm or deny that the SoftEther service, using only TLSv1.2, accepts the following ciphers:
TLS_RSA_WITH_3DES_EDE_CBC_SHA (SWEET32),
TLS_RSA_WITH_RC4_128_MD5,
TLS_RSA_WITH_RC4_128_SHA.

Where can I find the accepted ciphers for a specific protocol version? Is it possible to disable specific weak ciphers?
--
Additional info:
- OpenVPN is not used.
- SSL(all), TLS v1.0, v1.1 are disabled.
- OpenVAS scan gave this result:
'Vulnerable' cipher suites accepted by this service via the TLSv1.2 protocol:
TLS_RSA_WITH_3DES_EDE_CBC_SHA (SWEET32)
TLS_RSA_WITH_RC4_128_MD5
TLS_RSA_WITH_RC4_128_SHA

With best regards,
u1ukbek

cladmonitor
Posts: 1
Joined: Tue Nov 13, 2018 6:16 pm

Re: Which cipher suites are accepted by TLSv1.2?

Post by cladmonitor » Tue Sep 17, 2019 4:40 pm

Bump, can someone please weigh in on this?!

The ability to use this is becoming more problematic by the day. There should be no legitimate reason that weak ciphers are enabled by default and even more so that there's no mechanism to choose the cipher suites used.

The OpenVPN components should have some further advanced config to allow or disallow suites, and more modern hashing algorithms.

Simply running https://www.ssllabs.com/ssltest/index.html against a SoftEther server returns scary results that pass no compliance or best practice scrutiny. Our developer would love to weigh in on this, but starting from the ground up on determining what changes need to be made seems like a massive task and would need someone who's done a deep dive on the code to get started.

ozone
Posts: 3
Joined: Thu Sep 19, 2019 7:18 pm

Re: Which cipher suites are accepted by TLSv1.2?

Post by ozone » Sat Sep 21, 2019 3:25 pm

+1

I am looking for a solution too, to avoid usage of weak ciphers in site-to-site VPN connections with servers of different makes.
