Page 1 of 1
HTTPS Security
Posted: Tue Feb 24, 2026 12:21 pm
by mpfrench
For me, the most useful mode of operation is to use SoftEther's HTTPS interface on TCP port 443 since it will cut through the most restrictive firewalls. However, using ssllabs.com server testing tools, I found that SoftEther uses insecure methods. Specifically, the RC4 cipher and TLS modes below TLS1.2, i.e., TLS1.0 and TLS1.1.
In the next SoftEther release, please eliminate the use of RC4, TLS1.0 and TLS1.1.
Re: HTTPS Security
Posted: Tue Feb 24, 2026 10:34 pm
by solo
SoftEther VPN 4.22 Build 9634 Beta (November 27, 2016)
Added the support for TLS 1.2. Added TLS 1.2-based cipher sets: AES128-GCM-SHA256, AES128-SHA256, AES256-GCM-SHA384, AES256-SHA256, DHE-RSA-AES128-GCM-SHA256, DHE-RSA-AES128-SHA256, DHE-RSA-AES256-GCM-SHA384, DHE-RSA-AES256-SHA256, ECDHE-RSA-AES128-GCM-SHA256, ECDHE-RSA-AES128-SHA256, ECDHE-RSA-AES256-GCM-SHA384 and ECDHE-RSA-AES256-SHA384.
Added the function to allow to configure specific TLS versions to accept / deny. In the VPN Server configuration file you can set Tls_Disable1_0, Tls_Disable1_1 and Tls_Disable1_2 flags to true to disable these TLS versions individually.
You got all these options ten years ago FFS.
RC4 will not be "eliminated", it's light on CPU and not forced upon you.