Disable SSL / TLS 1.0 in OpenVPN

cxeonline
Posts: 1
Joined: Tue Dec 01, 2020 3:58 pm

Disable SSL / TLS 1.0 in OpenVPN

Post by cxeonline » Tue Dec 01, 2020 4:14 pm

Hello,
I am getting PCI compliance fails at a site that uses SoftEther with OpenVPN. The only port I have forwarded to the SoftEther setup is 1194, and it is giving several security vulnerability warnings related to SSL and TLS 1.0 being available. This is a relatively recent install with new OpenVPN client software installed on the remote machines, so they will support TLS 1.2.

How can I disable SSL and TLS 1.0 / 1.1 for OpenVPN?
Thanks,

lawsangel
Posts: 12
Joined: Fri Feb 19, 2021 6:04 pm

Re: Disable SSL / TLS 1.0 in OpenVPN

Post by lawsangel » Fri Feb 19, 2021 6:58 pm

Open your Virtual Hub and open "Edit Config".
Save the config file locally so you can edit it.
Open the file with a text editor.
Search for the following:
bool Tls_Disable1_0 false
bool Tls_Disable1_1 false
bool Tls_Disable1_2 false
bool Tls_Disable1_3 false

Change whichever version you want disabled to true. In my case I've only left 1.3 enabled, and it looks like this:
bool Tls_Disable1_0 true
bool Tls_Disable1_1 true
bool Tls_Disable1_2 true
bool Tls_Disable1_3 false

Save the config.
Go back to "Edit Config" in your virtual hub.
Import File and Apply.
SoftEther Server manager should restart, so make sure nobody is connected.
Selected TLS options should now be disabled.

Hope that helps.
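
The check below is an added example, not part of the posts above and not SoftEther's own tooling: it reads the Tls_Disable lines from a locally saved config, lists the deprecated versions still enabled, and rewrites the file text so only the chosen versions remain. The function names are hypothetical, the sample text is constructed from the four lines quoted in the reply, and the default of keeping TLS 1.2 and 1.3 is an assumption based on the question.

```python
import re

# Matches the setting lines quoted in the reply, e.g. "bool Tls_Disable1_0 false".
# The lookahead leaves the line ending (LF or CRLF) untouched when rewriting.
_LINE = re.compile(
    r"^([ \t]*bool[ \t]+Tls_Disable1_([0-3])[ \t]+)(true|false)(?=[ \t\r]*$)", re.M)
DEPRECATED = ("1.0", "1.1")

def tls_state(config_text):
    """Return {version: is_disabled} for every Tls_Disable line found."""
    return {"1." + m.group(2): m.group(3) == "true"
            for m in _LINE.finditer(config_text)}

def deprecated_still_enabled(config_text):
    """List deprecated versions that are not explicitly disabled."""
    state = tls_state(config_text)
    # A missing line is reported too: absence does not prove the version is off.
    return [v for v in DEPRECATED if not state.get(v, False)]

def harden(config_text, keep=("1.2", "1.3")):
    """Return the config text with only the versions in `keep` left enabled."""
    present = tls_state(config_text)
    if not any(v in present for v in keep):
        # Applying such a config would leave the server with no usable TLS version.
        raise ValueError("no kept version has a setting line; refusing to disable all")
    def repl(m):
        version = "1." + m.group(2)
        return m.group(1) + ("false" if version in keep else "true")
    return _LINE.sub(repl, config_text)

# Constructed sample: the four lines from the reply in their default state.
SAMPLE = (
    "\tbool Tls_Disable1_0 false\n"
    "\tbool Tls_Disable1_1 false\n"
    "\tbool Tls_Disable1_2 false\n"
    "\tbool Tls_Disable1_3 false\n"
)

if __name__ == "__main__":
    print("before:", deprecated_still_enabled(SAMPLE))
    print("after: ", deprecated_still_enabled(harden(SAMPLE)))
```

Run it against the saved file before importing it back through "Edit Config", and again on a fresh export after the restart to confirm the settings persisted.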
