Dear all,
Please confirm or deny acceptance by the SoftEther service, using only TLSv1.2, of the following ciphers:
TLS_RSA_WITH_3DES_EDE_CBC_SHA (SWEET32),
TLS_RSA_WITH_RC4_128_MD5,
TLS_RSA_WITH_RC4_128_SHA.
Where can I find the accepted ciphers for a specific protocol version? Is it possible to disable specific weak ciphers?
--
Additional info:
- OpenVPN is not used.
- SSL(all), TLS v1.0, v1.1 are disabled.
- OpenVAS scan gave this result:
'Vulnerable' cipher suites accepted by this service via the TLSv1.2 protocol:
TLS_RSA_WITH_3DES_EDE_CBC_SHA (SWEET32)
TLS_RSA_WITH_RC4_128_MD5
TLS_RSA_WITH_RC4_128_SHA
With best regards,
u1ukbek
Which cipher suites are accepted by TLSv1.2?
-
- Posts: 3
- Joined: Tue Nov 13, 2018 6:16 pm
Re: Which cipher suites are accepted by TLSv1.2?
Bump, can someone please weigh in on this?!
The ability to use this is becoming more problematic by the day. There should be no legitimate reason that weak ciphers are enabled by default and even more so that there's no mechanism to choose the cipher suites used.
The OpenVPN components should have some further advanced config to allow or disallow suites, and more modern hashing algorithms.
Simply running https://www.ssllabs.com/ssltest/index.html against a SoftEther server returns scary results that pass no compliance or best practice scrutiny. Our developer would love to weigh in on this, but starting from the ground up on determining what changes need to be made seems like a massive task and would need someone who's done a deep-dive on the code to get started.
-
- Posts: 65
- Joined: Thu Sep 19, 2019 7:18 pm
Re: Which cipher suites are accepted by TLSv1.2?
+1
I am looking for a solution too to avoid usage of weak ciphers in site to site vpn connections with servers of different makes.
-
- Posts: 3
- Joined: Tue Nov 13, 2018 6:16 pm
Re: Which cipher suites are accepted by TLSv1.2?
Our internal developer (Nick H.) and I have worked through the following and will be presenting several pull requests which expose the ability to harden the openvpn and softether vpn components by doing the following.
1. For softether enforcing encryption server side.
- If this boolean is set to true in the config, encryption will be enforced. If the client is set to "disable encryption" during the negotiation the server will ignore the client and complete the tunnel with encryption. (this is client agnostic, meaning existing client versions do not need any changes)
2. For OpenVPN, only specific ciphers / MDs will be accepted.
- Two new string options in the server config will allow the server to discriminate on allowed ciphers and MDs to connect. (This includes removing the ability to set the cipher to "none")
3. Increasing the Radius time-out.
- The current 10 second maximum RADIUS connection timeout is entirely too small. Since modern MFA has been introduced that holds the RADIUS session open in waiting for an MFA exchange to occur, the 10 seconds and auto-reattempt will cause multiple MFA tokens to be sent/requested, which has been a major issue with SE.
4. Cipher Availability Limiting
- Because the web server of softether allows the entire list of ciphers to be exposed for connection (regardless of what is configured using "CipherName") it exposes a tremendous amount of risk that the web server could be an attack vector. We are going to propose a new String value option to limit the available cipher packages within SoftEther in general (this one we are still testing best implementation options).
Thanks,
Eric Sakariasen
CTO
Connetic IT Support
-
- Posts: 3
- Joined: Tue Dec 24, 2019 12:07 pm
Re: Which cipher suites are accepted by TLSv1.2?
I am a new user and got a pen tester to look into my VPN. His report suggests Cipher needs to be improved.
-
- Posts: 50
- Joined: Mon Dec 02, 2019 6:29 am
Re: Which cipher suites are accepted by TLSv1.2?
I understand the thinking that if a client is dumb enough to ask for RC4, then they do it to themselves, but I so wish this were possible on the server side. I'm hoping somebody discovers a byte string you can place in the server config. For example, you can already disable TLS 1.0 and TLS 1.1 (what about SSLv3?), so how about a ciphers list? Maybe like the below.
Asymmetric:
TLS_AES_256_GCM_SHA384
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
TLS_CHACHA20_POLY1305_SHA256
TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
TLS_AES_128_GCM_SHA256
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
Symmetric:
AES-256-GCM
AES-192-GCM
AES-128-GCM
CAMELLIA-256-CBC
CAMELLIA-192-CBC
AES-256-CBC
AES-192-CBC
There's got to be some way to do this. Maybe it can be done when compiled? Anybody know?
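As an added example (not part of the original thread, and not SoftEther code): a small Python audit that splits IANA cipher suite names into their key exchange, bulk cipher and MAC parts, then flags the weaknesses present in the suites from the OpenVAS finding while passing the TLS suites proposed in the post above. The function names `parse_suite`, `weaknesses` and `audit` are illustrative, and the input is constructed from the suite names quoted in the thread.

```python
import re

# Constructed sample input: the suites named in the thread's scan finding and
# the TLS suites from the allow-list proposed in the post above.
SCAN_FINDING = """
TLS_RSA_WITH_3DES_EDE_CBC_SHA (SWEET32)
TLS_RSA_WITH_RC4_128_MD5
TLS_RSA_WITH_RC4_128_SHA
"""
PROPOSED = """
TLS_AES_256_GCM_SHA384
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
TLS_CHACHA20_POLY1305_SHA256
TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
TLS_AES_128_GCM_SHA256
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
"""

def parse_suite(name):
    """Split an IANA suite name into (key exchange, bulk cipher, MAC/hash)."""
    body = name[len("TLS_"):]
    if "_WITH_" in body:
        kx, rest = body.split("_WITH_", 1)
    else:  # TLS 1.3 names carry no key exchange part
        kx, rest = "TLS1.3", body
    cipher, _, mac = rest.rpartition("_")
    return kx, cipher, mac

def weaknesses(name):
    """Return the reasons a suite should be refused (empty list if none)."""
    kx, cipher, mac = parse_suite(name)
    checks = [
        (cipher.startswith("RC4"), "RC4 stream cipher (prohibited in TLS by RFC 7465)"),
        ("DES" in cipher, "64-bit block cipher (SWEET32)"),
        (mac == "MD5", "MD5-based MAC"),
        (kx == "RSA", "static RSA key exchange, no forward secrecy"),
    ]
    return [reason for hit, reason in checks if hit]

def audit(text):
    """Map every suite name found in scanner output or a config list to its issues."""
    return {n: weaknesses(n) for n in re.findall(r"TLS_[A-Za-z0-9_]+", text)}

if __name__ == "__main__":
    for name, issues in audit(SCAN_FINDING + PROPOSED).items():
        print(f"{name}: {'; '.join(issues) or 'no weakness flagged'}")
```

The audit works on names only, so it classifies what a scanner reported or what a list would permit; it does not itself establish which suites a given server negotiates.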
-
- Posts: 50
- Joined: Mon Dec 02, 2019 6:29 am
Re: Which cipher suites are accepted by TLSv1.2?
I just realized that if you can use a port other than 443 then the pen tester might not pick up on it at all. Security by obfuscation. If your clients are using the SE client, then you can determine which cipher they use in SE server's encryption settings. However, if they're using an old SE client then you may have a fallback situation where the client and server negotiate a lower level of encryption. I tested it years ago and was disappointed by the results because it used something awful... maybe RC4-MD5... like really bad. I don't know if it's better now but beware. I use the SE client and OpenVPN clients and everything is well defined and my security ciphers negotiated are always satisfactory.
Still hoping, like you, for a way to completely eliminate certain protocols from the stack but I'm no good at tweaking and compiling software so this will have to be given to us by the developers.
-
- Posts: 2
- Joined: Wed Mar 25, 2020 9:51 am
Re: Which cipher suites are accepted by TLSv1.2?
Hi,
Same here. I made some Check TLS Version and SSL/TLS Vulnerability Scanner freely available online.
The results show that weak protocol/cipher versions are also active.
It would be better to disable them by default.
thank you
nolo