Hello,
I am getting PCI compliance fails at a site that uses SoftEther with OpenVPN. The only port I have forwarded to the SoftEther setup is 1194, and it is giving several security vulnerability warnings related to SSL and TLS 1.0 being available. This is a relatively recent install with new OpenVPN client software installed on the remote machines, so they will support TLS 1.2.
How can I disable SSL and TLS 1.0 / 1.1 for OpenVPN?
Thanks,
Disable SSL / TLS 1.0 in OpenVPN
-
lawsangel
- Posts: 15
- Joined: Fri Feb 19, 2021 6:04 pm
Re: Disable SSL / TLS 1.0 in OpenVPN
Open your Virtual Hub and open "Edit Config"
Save the config file locally so you can edit it.
Open file with text editor.
Search for the following:
bool Tls_Disable1_0 false
bool Tls_Disable1_1 false
bool Tls_Disable1_2 false
bool Tls_Disable1_3 false
Change which ever version you want disabled to true, in my case i've only left 1.3 enabled and looks like this:
bool Tls_Disable1_0 true
bool Tls_Disable1_1 true
bool Tls_Disable1_2 true
bool Tls_Disable1_3 false
Save the config.
Go back to "Edit Config" in your virtual hub.
Import File and Apply.
SoftEther Server manager should restart, so make sure nobody is connected.
Selected TLS options should now be disabled.
Hope that helps.
Save the config file locally so you can edit it.
Open file with text editor.
Search for the following:
bool Tls_Disable1_0 false
bool Tls_Disable1_1 false
bool Tls_Disable1_2 false
bool Tls_Disable1_3 false
Change which ever version you want disabled to true, in my case i've only left 1.3 enabled and looks like this:
bool Tls_Disable1_0 true
bool Tls_Disable1_1 true
bool Tls_Disable1_2 true
bool Tls_Disable1_3 false
Save the config.
Go back to "Edit Config" in your virtual hub.
Import File and Apply.
SoftEther Server manager should restart, so make sure nobody is connected.
Selected TLS options should now be disabled.
Hope that helps.
-
JanP
- Posts: 2
- Joined: Tue Feb 23, 2021 10:27 pm
Re: Disable SSL / TLS 1.0 in OpenVPN
Hello,
I was able to disable TLS 1.0 and 1.1 by these instructions. However, after the change is applied, I'm not able to connect to the server with SoftEther VPN Server Manager.
I'm using Server Manager for Mac, which is pretty old (version 4.21). Unfortunately, for some reason there is no newer Mac OS version available for download. Updated versions are only available for Windows OS. We are not using Windows workstations, so some sort of solution for Mac OS would be greatly appreciated.
Is it possible to configure Mac OS version to work with TLS 1.2 and/or TLS 1.3? Not sure if this would be a setting for VPN Server Manager or Mac OS, which is Mojave btw.
Thank you,
Jan
I was able to disable TLS 1.0 and 1.1 by these instructions. However, after the change is applied, I'm not able to connect to the server with SoftEther VPN Server Manager.
I'm using Server Manager for Mac, which is pretty old (version 4.21). Unfortunately, for some reason there is no newer Mac OS version available for download. Updated versions are only available for Windows OS. We are not using Windows workstations, so some sort of solution for Mac OS would be greatly appreciated.
Is it possible to configure Mac OS version to work with TLS 1.2 and/or TLS 1.3? Not sure if this would be a setting for VPN Server Manager or Mac OS, which is Mojave btw.
Thank you,
Jan