Disable SSL / TLS 1.0 in OpenVPN

cxeonline
Posts: 1
Joined: Tue Dec 01, 2020 3:58 pm

Disable SSL / TLS 1.0 in OpenVPN

Post by cxeonline » Tue Dec 01, 2020 4:14 pm

Hello,
I am getting PCI compliance fails at a site that uses SoftEther with OpenVPN. The only port I have forwarded to the SoftEther setup is 1194, and it is giving several security vulnerability warnings related to SSL and TLS 1.0 being available. This is a relatively recent install with new OpenVPN client software installed on the remote machines, so they will support TLS 1.2.

How can I disable SSL and TLS 1.0 / 1.1 for OpenVPN?
Thanks,

lawsangel
Posts: 15
Joined: Fri Feb 19, 2021 6:04 pm

Re: Disable SSL / TLS 1.0 in OpenVPN

Post by lawsangel » Fri Feb 19, 2021 6:58 pm

Open your Virtual Hub and open "Edit Config"
Save the config file locally so you can edit it.
Open the file with a text editor.
Search for the following:
bool Tls_Disable1_0 false
bool Tls_Disable1_1 false
bool Tls_Disable1_2 false
bool Tls_Disable1_3 false

Change whichever version you want disabled to true. In my case I've only left 1.3 enabled, and it looks like this:
bool Tls_Disable1_0 true
bool Tls_Disable1_1 true
bool Tls_Disable1_2 true
bool Tls_Disable1_3 false

Save the config.
Go back to "Edit Config" in your virtual hub.
Import File and Apply.
SoftEther Server manager should restart, so make sure nobody is connected.
Selected TLS options should now be disabled.

Hope that helps.
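
The edit described in the post above, scripted as an added example (not part of the original post and not SoftEther's own tooling). The flag names come from the post; the function names, the surrounding `declare` block and the sample text are constructed for illustration.

```python
import re

# Matches one flag line, e.g. "\tbool Tls_Disable1_0 false", keeping the
# indentation and any CR so the rest of the file is left untouched.
FLAG = re.compile(
    r"^(?P<indent>[ \t]*)bool[ \t]+Tls_Disable(?P<ver>\d+_\d+)[ \t]+"
    r"(?P<val>true|false)(?P<eol>[ \t]*\r?)$",
    re.MULTILINE,
)

def _key(ver):
    """'1_2' or '1.2' -> (1, 2) so versions compare numerically."""
    return tuple(int(p) for p in re.split(r"[._]", ver))

def enabled_tls_versions(config_text):
    """TLS versions whose Tls_Disable flag is 'false', e.g. ['1.2', '1.3']."""
    found = [m for m in FLAG.finditer(config_text) if m["val"] == "false"]
    found.sort(key=lambda m: _key(m["ver"]))
    return [m["ver"].replace("_", ".") for m in found]

def disable_tls_below(config_text, minimum="1.2"):
    """Set Tls_Disable<ver> to true for every version below `minimum`.

    Flags at or above `minimum` are left as found. Raises ValueError if the
    flags are missing or if the result would leave no TLS version enabled.
    """
    if not FLAG.search(config_text):
        raise ValueError("no Tls_Disable flags found in config")

    def rewrite(m):
        val = "true" if _key(m["ver"]) < _key(minimum) else m["val"]
        return f'{m["indent"]}bool Tls_Disable{m["ver"]} {val}{m["eol"]}'

    hardened = FLAG.sub(rewrite, config_text)
    if not enabled_tls_versions(hardened):
        raise ValueError("refusing to disable every TLS version")
    return hardened

# Constructed sample fragment; a real exported config has many more keys.
SAMPLE = (
    "declare ServerConfiguration\n{\n"
    "\tbool Tls_Disable1_0 false\n"
    "\tbool Tls_Disable1_1 false\n"
    "\tbool Tls_Disable1_2 false\n"
    "\tbool Tls_Disable1_3 false\n"
    "}\n"
)
```

Run `disable_tls_below` on the exported config text, confirm the result with `enabled_tls_versions`, and check that every management client can negotiate one of the remaining versions before importing the file.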

JanP
Posts: 2
Joined: Tue Feb 23, 2021 10:27 pm

Re: Disable SSL / TLS 1.0 in OpenVPN

Post by JanP » Fri Jul 21, 2023 9:58 pm

Hello,

I was able to disable TLS 1.0 and 1.1 by these instructions. However, after the change is applied, I'm not able to connect to the server with SoftEther VPN Server Manager.

I'm using Server Manager for Mac, which is pretty old (version 4.21). Unfortunately, for some reason there is no newer Mac OS version available for download. Updated versions are only available for Windows OS. We are not using Windows workstations, so some sort of solution for Mac OS would be greatly appreciated.

Is it possible to configure the Mac OS version to work with TLS 1.2 and/or TLS 1.3? Not sure if this would be a setting for VPN Server Manager or Mac OS, which is Mojave btw.

Thank you,
Jan
