Disable Weak Ciphers such as RC4-MD5

ruchshuk
Posts: 1
Joined: Fri Feb 22, 2019 8:28 am

Disable Weak Ciphers such as RC4-MD5

Post by ruchshuk » Fri Feb 22, 2019 8:49 am

How can I force the client and SoftEther VPN Server to use AES encryption only? When I created the .ovpn file using SoftEther VPN Server Manager, I selected AES as the encryption algorithm and installed it on the client side. But I believe the server is not accepting it; it is looking for RC4-MD5. How can I fix it?

cedar
Site Admin
Posts: 1550
Joined: Sat Mar 09, 2013 5:37 am

Re: Disable Weak Ciphers such as RC4-MD5

Post by cedar » Tue May 21, 2019 7:40 am

I think SoftEther VPN Server can accept OpenVPN connection with AES encoding.
What error did you see?

the6thbook
Posts: 3
Joined: Tue Jan 08, 2019 3:34 pm

Re: Disable Weak Ciphers such as RC4-MD5

Post by the6thbook » Mon Oct 28, 2019 5:31 pm

I'm still having this issue. I can't get RC4-MD5 disabled:

https://github.com/SoftEtherVPN/SoftEtherVPN/pull/343

ozone
Posts: 62
Joined: Thu Sep 19, 2019 7:18 pm

Re: Disable Weak Ciphers such as RC4-MD5

Post by ozone » Sun Nov 03, 2019 12:49 am

I have the same issue.

A MikroTik client connecting to a SE server always reverts to the weak RC4 cipher, although both support much stronger ones like various forms of AES256...
But apparently, RC4 is all both nodes can agree upon during the initial handshake.

Until today, I have found no way of enforcing a stronger cipher, nor have I got any hint of how to do this on this forum or from someone at SE.

...Still hoping though...

sukupandachu
Posts: 1
Joined: Sun Dec 23, 2018 11:53 am

Re: Disable Weak Ciphers such as RC4-MD5

Post by sukupandachu » Sun Feb 28, 2021 5:59 pm

Hi.

I have the same issue. I see it happens only when it connects through the VPN Azure relay network. Connecting directly through NAT uses the server-selected cipher AES256-GCM-SHA384.

I am not sure if this has to do with network speed, which may force SoftEther to use a weaker (and faster) cipher on slow networks (using the VPN Azure relay), or if it has to do with the VPN Azure network itself.

Does anyone know why this behavior occurs?
Can anyone point me in the right direction?
Thanks.

AlexR
Posts: 2
Joined: Mon Mar 08, 2021 12:32 pm

Re: Disable Weak Ciphers such as RC4-MD5

Post by AlexR » Mon Mar 08, 2021 2:25 pm

Hi Community

I also run a server with SoftEther VPN. In the course of various security tests I noticed that the system allows connections with RC4.

I have cross-checked this with Test SSL Server, and the following list comes out.

Is there any way to deactivate RC4?

TLSv1.2:
server selection: uses client preferences
3-- (key: RSA) RSA_WITH_RC4_128_MD5
3-- (key: RSA) RSA_WITH_RC4_128_SHA
3-- (key: RSA) RSA_WITH_3DES_EDE_CBC_SHA
3-- (key: RSA) RSA_WITH_AES_128_CBC_SHA
3f- (key: RSA) DHE_RSA_WITH_AES_128_CBC_SHA
3-- (key: RSA) RSA_WITH_AES_256_CBC_SHA
3f- (key: RSA) DHE_RSA_WITH_AES_256_CBC_SHA
3-- (key: RSA) RSA_WITH_AES_128_CBC_SHA256
3f- (key: RSA) DHE_RSA_WITH_AES_256_CBC_SHA256
3-- (key: RSA) RSA_WITH_AES_128_GCM_SHA256
3-- (key: RSA) RSA_WITH_AES_256_GCM_SHA384

Best Regards
Alex

eddiewu
Posts: 42
Joined: Wed Nov 25, 2020 9:10 am

Re: Disable Weak Ciphers such as RC4-MD5

Post by eddiewu » Mon Mar 08, 2021 3:18 pm

The cipher list is hardcoded in the source code (Mayaqua/Network.c). You can change it and build it yourself.
Below is my modification based on Build 9745 for your reference.

Original version:

Code:

static char *cipher_list = "RC4-MD5 RC4-SHA AES128-SHA AES256-SHA DES-CBC-SHA DES-CBC3-SHA DHE-RSA-AES128-SHA DHE-RSA-AES256-SHA AES128-GCM-SHA256 AES128-SHA256 AES256-GCM-SHA384 AES256-SHA256 DHE-RSA-AES128-GCM-SHA256 DHE-RSA-AES128-SHA256 DHE-RSA-AES256-GCM-SHA384 DHE-RSA-AES256-SHA256 ECDHE-RSA-AES128-GCM-SHA256 ECDHE-RSA-AES128-SHA256 ECDHE-RSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-SHA384"
#if OPENSSL_VERSION_NUMBER >= 0x10100000L
	" DHE-RSA-CHACHA20-POLY1305 ECDHE-RSA-CHACHA20-POLY1305";
#endif
;
My version (to build with OpenSSL 1.1.x so that the second list takes effect):

Code:

#if OPENSSL_VERSION_NUMBER < 0x10100000L
static char *cipher_list = "RC4-MD5 RC4-SHA AES128-SHA AES256-SHA DES-CBC-SHA DES-CBC3-SHA DHE-RSA-AES128-SHA DHE-RSA-AES256-SHA AES128-GCM-SHA256 AES128-SHA256 AES256-GCM-SHA384 AES256-SHA256 DHE-RSA-AES128-GCM-SHA256 DHE-RSA-AES128-SHA256 DHE-RSA-AES256-GCM-SHA384 DHE-RSA-AES256-SHA256 ECDHE-RSA-AES128-GCM-SHA256 ECDHE-RSA-AES128-SHA256 ECDHE-RSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-SHA384";
#endif

#if OPENSSL_VERSION_NUMBER >= 0x10100000L
static char *cipher_list = "ECDHE-RSA-AES256-GCM-SHA384 DHE-RSA-AES256-GCM-SHA384 ECDHE-RSA-CHACHA20-POLY1305 DHE-RSA-CHACHA20-POLY1305 ECDHE-RSA-AES128-GCM-SHA256 DHE-RSA-AES128-GCM-SHA256 ECDHE-RSA-AES256-SHA384 DHE-RSA-AES256-SHA256 ECDHE-RSA-AES128-SHA256 DHE-RSA-AES128-SHA256";
#endif
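The two posts above look at the same problem from different sides: AlexR's scanner output lists the RC4 and 3DES suites the server accepts, and eddiewu's post shows the OpenSSL cipher string hardcoded in Mayaqua/Network.c that produces them. The Python script below is an added example for this thread, not SoftEther code and not posted by either author. It feeds both cipher strings to the OpenSSL linked into Python's ssl module to see which suites actually become enabled, parses scanner lines of the form shown in AlexR's post, and flags weak suites by name. The WEAK_MARKERS list, the function names and the SCAN_OUTPUT sample (copied from AlexR's post) are this example's own assumptions. It also sets OP_CIPHER_SERVER_PREFERENCE, because the scanner's "server selection: uses client preferences" line means that reordering the list alone would not help; removing the weak names from the string is what matters.

```python
"""Audit SoftEther-style OpenSSL cipher strings and scanner output for weak suites.

Added example for this thread; not SoftEther code. Standard library only.
"""
import re
import ssl

# The two cipher strings quoted in eddiewu's post (Mayaqua/Network.c, Build 9745).
ORIGINAL_LIST = (
    "RC4-MD5 RC4-SHA AES128-SHA AES256-SHA DES-CBC-SHA DES-CBC3-SHA "
    "DHE-RSA-AES128-SHA DHE-RSA-AES256-SHA AES128-GCM-SHA256 AES128-SHA256 "
    "AES256-GCM-SHA384 AES256-SHA256 DHE-RSA-AES128-GCM-SHA256 DHE-RSA-AES128-SHA256 "
    "DHE-RSA-AES256-GCM-SHA384 DHE-RSA-AES256-SHA256 ECDHE-RSA-AES128-GCM-SHA256 "
    "ECDHE-RSA-AES128-SHA256 ECDHE-RSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-SHA384"
)
HARDENED_LIST = (
    "ECDHE-RSA-AES256-GCM-SHA384 DHE-RSA-AES256-GCM-SHA384 "
    "ECDHE-RSA-CHACHA20-POLY1305 DHE-RSA-CHACHA20-POLY1305 "
    "ECDHE-RSA-AES128-GCM-SHA256 DHE-RSA-AES128-GCM-SHA256 "
    "ECDHE-RSA-AES256-SHA384 DHE-RSA-AES256-SHA256 "
    "ECDHE-RSA-AES128-SHA256 DHE-RSA-AES128-SHA256"
)

# Sample scanner output, copied from AlexR's post (constructed test input for this example).
SCAN_OUTPUT = """\
TLSv1.2:
server selection: uses client preferences
3-- (key: RSA) RSA_WITH_RC4_128_MD5
3-- (key: RSA) RSA_WITH_RC4_128_SHA
3-- (key: RSA) RSA_WITH_3DES_EDE_CBC_SHA
3-- (key: RSA) RSA_WITH_AES_128_CBC_SHA
3f- (key: RSA) DHE_RSA_WITH_AES_128_CBC_SHA
3-- (key: RSA) RSA_WITH_AES_256_CBC_SHA
3f- (key: RSA) DHE_RSA_WITH_AES_256_CBC_SHA
3-- (key: RSA) RSA_WITH_AES_128_CBC_SHA256
3f- (key: RSA) DHE_RSA_WITH_AES_256_CBC_SHA256
3-- (key: RSA) RSA_WITH_AES_128_GCM_SHA256
3-- (key: RSA) RSA_WITH_AES_256_GCM_SHA384
"""

# Substrings that mark a suite as weak in both OpenSSL names (RC4-MD5, DES-CBC3-SHA) and
# IANA names (RSA_WITH_RC4_128_MD5, RSA_WITH_3DES_EDE_CBC_SHA). Assumption of this example:
# RC4, MD5, single/triple DES, NULL, export-grade and anonymous suites are unacceptable.
WEAK_MARKERS = ("RC4", "MD5", "DES", "NULL", "EXP", "ADH", "AECDH", "ANON")


def weak_ciphers(names):
    """Return the subset of suite names that contain a weak-cipher marker, in input order."""
    return [n for n in names if any(m in n.upper() for m in WEAK_MARKERS)]


_SCAN_LINE = re.compile(r"^\s*(\S+)\s+\(key:\s*(\w+)\)\s+(\S+)\s*$")


def parse_scan_output(text):
    """Extract suite names from scanner lines like '3-- (key: RSA) RSA_WITH_RC4_128_MD5'."""
    suites = []
    for line in text.splitlines():
        m = _SCAN_LINE.match(line)
        if m:
            suites.append(m.group(3))
    return suites


def enabled_ciphers(cipher_string):
    """Ask the linked OpenSSL which suites a server context enables for this string.

    This mirrors what SoftEther's call to SSL_CTX_set_cipher_list() does: names the
    library does not know are skipped silently, so a suite only disappears when it is
    removed from the string (or the library no longer implements it at all).
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    # Let the server choose; with client preference the order of the list is irrelevant.
    ctx.options |= ssl.OP_CIPHER_SERVER_PREFERENCE
    ctx.set_ciphers(cipher_string)
    return [c["name"] for c in ctx.get_ciphers()]


def audit(cipher_string):
    """Return (enabled, weak) for a cipher string, as the linked OpenSSL would apply it."""
    enabled = enabled_ciphers(cipher_string)
    return enabled, weak_ciphers(enabled)


if __name__ == "__main__":
    print("weak names in the original string:", weak_ciphers(ORIGINAL_LIST.split()))
    print("weak names in the hardened string:", weak_ciphers(HARDENED_LIST.split()))
    print("weak suites in the scanner output:", weak_ciphers(parse_scan_output(SCAN_OUTPUT)))
    for label, cs in (("original", ORIGINAL_LIST), ("hardened", HARDENED_LIST)):
        enabled, weak = audit(cs)
        print(f"{label}: {len(enabled)} suites enabled by this OpenSSL, weak: {weak}")
```

Run it once before and once after rebuilding with a changed cipher_list: the "hardened" audit must report an empty weak list, and on a build that still honours the original string the scanner parser will show the same RC4 and 3DES suites that AlexR's test surfaced. Note that a modern OpenSSL may drop RC4 on its own, so an empty weak list from enabled_ciphers(ORIGINAL_LIST) on your workstation says nothing about the 1.0.2 build on the server; check the string itself with weak_ciphers() too.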

AlexR
Posts: 2
Joined: Mon Mar 08, 2021 12:32 pm

Re: Disable Weak Ciphers such as RC4-MD5

Post by AlexR » Mon Mar 08, 2021 5:49 pm

Hi and thanks for your answer!

Since I still have OpenSSL 1.0.2k-fips on the system, I simply changed the code as follows, so that the old RC4 ciphers are out.
The whole thing compiled and started and looks good at first sight.

From your point of view, is there anything that speaks against this solution?
I would not like to update OpenSSL (CentOS 7 system).

Regards
Alex

Code:

static char *cipher_list = "ECDHE-RSA-AES256-GCM-SHA384 DHE-RSA-AES256-GCM-SHA384 ECDHE-RSA-CHACHA20-POLY1305 DHE-RSA-CHACHA20-POLY1305 ECDHE-RSA-AES128-GCM-SHA256 DHE-RSA-AES128-GCM-SHA256 ECDHE-RSA-AES256-SHA384 DHE-RSA-AES256-SHA256 ECDHE-RSA-AES128-SHA256 DHE-RSA-AES128-SHA256"
#if OPENSSL_VERSION_NUMBER >= 0x10100000L
	" DHE-RSA-CHACHA20-POLY1305 ECDHE-RSA-CHACHA20-POLY1305";
#endif
;

eddiewu
Posts: 42
Joined: Wed Nov 25, 2020 9:10 am

Re: Disable Weak Ciphers such as RC4-MD5

Post by eddiewu » Tue Mar 09, 2021 2:17 am

AlexR wrote (Mon Mar 08, 2021 5:49 pm):

Code:

static char *cipher_list = "ECDHE-RSA-AES256-GCM-SHA384 DHE-RSA-AES256-GCM-SHA384 ECDHE-RSA-CHACHA20-POLY1305 DHE-RSA-CHACHA20-POLY1305 ECDHE-RSA-AES128-GCM-SHA256 DHE-RSA-AES128-GCM-SHA256 ECDHE-RSA-AES256-SHA384 DHE-RSA-AES256-SHA256 ECDHE-RSA-AES128-SHA256 DHE-RSA-AES128-SHA256"
#if OPENSSL_VERSION_NUMBER >= 0x10100000L
	" DHE-RSA-CHACHA20-POLY1305 ECDHE-RSA-CHACHA20-POLY1305";
#endif
;
OK, it makes sense if you would like to stick to 1.0.x. And you can drop the two CHACHA20 ciphers in the first line too, as they are not supported in 1.0.x.
