Choose SSL or TLS

[lyttek]

From section 3.2 of the manual:

Intermediate Layer of VPN Tunneling Protocol

Both SSL 3.0 and TLS 1.0 are supported. User can choose which protocol to use. SSL is Secure Socket Layer protocol. TLS is Transport Layer Security protocol. Both of them are widely used in the Internet, and the safety and reliability are proved for more decades by standing despite everyone's mercilessly analysis who is engaging the cryptography science and industry.


I've been poking around both the server and client side of things and cannot find a specific reference for this in either GUI or config.

There are two separate options that I have seen: "Don't use TLS 1.0" and "Encrypt VPN Session with SSL". It would seem that using the latter would make the first option a moot point?

How can we disable SSL on the server and use only TLS?

[dnobori]

See http://www.softether.org/5-download/history

[lyttek]

Excellent!

[PacoBell]

I'm confused about the "Don't use TLS 1.0" option. Does that apply specifically and only to TLS 1.0 (to mitigate the BEAST attack) or does it also disable TLS 1.2? The latter would be obviously undesirable.

[thisjun]

SoftEther VPN doesn't support TLS 1.2.

[KFrische]

There are security weaknesses in TLS v1.0 and TLS v1.1.

Is there a timeline to replace the TLS v1.0 with TLS v.1.2 ??

[lovether]

KFrische wrote:
> There are security weaknesses in TLS v1.0 and TLS v1.1.
>
> Is there a timeline to replace the TLS v1.0 with TLS v.1.2 ??

Now you can build your own VPN Server with TLSv1.2 enabled referring to this PR on github.
https://github.com/SoftEtherVPN/SoftEtherVPN/pull/208

[rtau-t24]

thisjun wrote:
> SoftEther VPN doesn't support TLS 1.2.

Please take a look at https://github.com/SoftEtherVPN/SoftEtherVPN/pull/208, see whether it is sufficient to allow SoftEther VPN to support TLS 1.2.

Thanks.