Which cipher suites are accepted by TLSv1.2?

Post your questions about SoftEther VPN software here. Please answer questions if you can afford.
Post Reply
u1ukbek
Posts: 3
Joined: Mon May 27, 2019 7:33 am

Which cipher suites are accepted by TLSv1.2?

Post by u1ukbek » Wed Jul 10, 2019 6:13 am

Deal all,

Please confirm or deny acceptance of SoftEther service using only TLSv1.2 following ciphers:
TLS_RSA_WITH_3DES_EDE_CBC_SHA (SWEET32),
TLS_RSA_WITH_RC4_128_MD5,
TLS_RSA_WITH_RC4_128_SHA.

Where can I find accepted ciphers for specific protocal version? Is it possible to disable specific weak ciphers?
--
Additional info:
- OpenVPN is not used.
- SSL(all), TLS v1.0, v1.1 are disabled.
- OpenVAS scan gave this result:
'Vulnerable' cipher suites accepted by this service via the TLSv1.2 protocol:
TLS_RSA_WITH_3DES_EDE_CBC_SHA (SWEET32)
TLS_RSA_WITH_RC4_128_MD5
TLS_RSA_WITH_RC4_128_SHA

With best regards,
u1ukbek

cladmonitor
Posts: 3
Joined: Tue Nov 13, 2018 6:16 pm

Re: Which cipher suites are accepted by TLSv1.2?

Post by cladmonitor » Tue Sep 17, 2019 4:40 pm

Bump, can somone please weigh in on this?!

The ability to use this is becoming more problematic by the day. There should be no legitimate reason that weak ciphers are enabled by default and even more so that there's no mechanism to choose the cipher suites used.

The OpenVPN components should have some further advanced config to allow or disallow suites, and more modern hashing algorithms.

Simply running https://www.ssllabs.com/ssltest/index.html against a SoftEther server returns scary results that pass no compliance or best practice scrutiny, our developer would love to weigh in on this but starting from the ground up on determining what changes need to be made seem like a massive task and would need somone whos done a deep-dive on the code to get started.

ozone
Posts: 62
Joined: Thu Sep 19, 2019 7:18 pm

Re: Which cipher suites are accepted by TLSv1.2?

Post by ozone » Sat Sep 21, 2019 3:25 pm

+1

I am looking for a solution too to avoid usage of weak ciphers in site to site vpn connections with servers of different makes.

cladmonitor
Posts: 3
Joined: Tue Nov 13, 2018 6:16 pm

Re: Which cipher suites are accepted by TLSv1.2?

Post by cladmonitor » Mon Sep 30, 2019 7:51 pm

Our internal developer (Nick H.) and I have worked through the following and will be presenting several pull requests which expose the ability to harden the openvpn and softether vpn components by doing the following.

1. For softether enforcing encryption server side.
- If this boolean is set to true in the config, encryption will be enforced. If the client is set to "disable encryption" during the negotiation the server will ignore the client and complete the tunnel with encryption. (this is client agnostic, meaning existing client versions do not need any changes)
2. For OpenVPN, only specific ciphers / MDs will be accepted.
- Two new string options in the server config will allow the server to discriminate on allowed ciphers and MDs to connect. (This includes removing the ability to set the cipher to "none")
3. Increasing the Radius time-out.
- The current 10 second maximum radius connection timeout is entirely too small. Since modern MFA has been introduced that holds the radius session open in waiting for a MFA exchange to occur, the 10 seconds and auto-reattempt will cause multiple MFA tokens to be sent/requested which has been a major issue with SE.
4. Cipher Availability Limiting
- Because the web server of softether allows the entire list of ciphers to be exposed for connection (regardless of what is configured using "CipherName") it exposes a tremendous amount of risk that the web server could be an attack vector. We are going to propose a new String value option to limit the available cipher packages within SoftEther in general (this one we are still testing best implementation options).

Thanks,
Eric Sakariasen
CTO
Connetic IT Support

pawnup
Posts: 3
Joined: Tue Dec 24, 2019 12:07 pm

Re: Which cipher suites are accepted by TLSv1.2?

Post by pawnup » Wed Dec 25, 2019 9:11 pm

I am a new user and got a pen tester to look into my VPN. His report suggests Cipher needs to be improved.
You do not have the required permissions to view the files attached to this post.

ethanolson
Posts: 36
Joined: Mon Dec 02, 2019 6:29 am

Re: Which cipher suites are accepted by TLSv1.2?

Post by ethanolson » Fri Dec 27, 2019 4:43 am

I understand the thinking that if a client is dumb enough to ask for RC4, then they do it to themselves, but I so wish this were possible on the server side. I'm hoping somebody discovers a byte string you can place in the server config. For example, you can already disable TLS 1.0 and TLS 1.1 (what about SSLv3?), so how about a ciphers list? Maybe like the below.

Asymmetric:
TLS_AES_256_GCM_SHA384
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
TLS_CHACHA20_POLY1305_SHA256
TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
TLS_AES_128_GCM_SHA256
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256

Symmetric:
AES-256-GCM
AES-192-GCM
AES-128-GCM
CAMELLIA-256-CBC
CAMELLIA-192-CBC
AES-256-CBC
AES-192-CBC

There's got to be some way to do this. Maybe it can be done when compiled? Anybody know?

ethanolson
Posts: 36
Joined: Mon Dec 02, 2019 6:29 am

Re: Which cipher suites are accepted by TLSv1.2?

Post by ethanolson » Sat Dec 28, 2019 3:14 pm

I just realized that if you can use a port other than 443 then the pen tester might not pick up on it at all. Security by obfuscation. If your clients are using the SE client, then you can determine which cipher they use in SE server's encryption settings. However, if they're using an old SE client then you may have a fallback situation where the client and server negotiate a lower level of encryption. I tested it years ago and was disappointed by the results because it used something awful... maybe RC4-MD5... like really bad. I don't know if it's better now but beware. I use the SE client and OpenVPN clients and everything is well defined and my security ciphers negotiated are always satisfactory.

Still hoping, like you, for a way to completely eliminate certain protocols from the stack but I'm no good at tweaking and compiling software so this will have to be given to us by the developers.

nologo73
Posts: 2
Joined: Wed Mar 25, 2020 9:51 am

Re: Which cipher suites are accepted by TLSv1.2?

Post by nologo73 » Wed Mar 25, 2020 10:05 am

Hi,
same here I made some Check TLS Version and SSL/TLS Vulnerability Scanner freely available online.
the results show that weak protocols/ciphers version are also active.
It would be better to disable them by default
thank you
nolo

Post Reply