Posted: Mon Jun 05, 2017 6:26 pm

Joined: Fri Jun 02, 2017 8:45 pm
Posts: 1
The following is true on the following versions of SoftEther - Version 21 and Version 22. It may be true on earlier versions.

We have our SoftEther server set up to listen on port 5555 with the encryption algorithm name AES256-SHA256.

When we ran a penetration test on the server, port 5555 showed an issue. The scan reported insecure ciphers - TLS_RSA_WITH_3DES_EDE_CBC_SHA, TLS_RSA_WITH_RC4_128_SHA, and TLS_RSA_WITH_RC4_128_MD5.

We can also run a test with DigiCert asking it to check for common vulnerabilities and see the same list of ciphers.

On version 22 (the version we are using), we have disabled SSL, TLS 1.0, and TLS 1.1. We only have TLS 1.2 enabled (which shows on the DigiCert test).

We have a few concerns:
1. How can we find out which cipher was actually negotiated for a connection? We want it to be AES256-SHA256.
2. Is this a real finding or a false positive? If it is a false positive, how can we prove that? Even if someone could provide a narrative on why it is a false positive, it would be helpful.
3. Is there a config option or patch that would prevent this finding?

Bill


Attachments:
File comment: Redacted Screen Print from DigiCert.com test
Digicert-Capture-2017-0605.JPG
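For question 1 above: the suite chosen for a given connection is carried in the server's ServerHello, so it can be read from a packet capture of a real client session. The parser below is an added example, not part of the original posts or of SoftEther's code; the sample record is constructed, and it assumes the ServerHello sits whole inside one TLS record.

```python
import struct

# IANA code points for the suites named in this thread.
SUITES = {
    0x0004: "TLS_RSA_WITH_RC4_128_MD5",
    0x0005: "TLS_RSA_WITH_RC4_128_SHA",
    0x000A: "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
    0x003D: "TLS_RSA_WITH_AES_256_CBC_SHA256",  # OpenSSL name: AES256-SHA256
}
FLAGGED = {0x0004, 0x0005, 0x000A}  # the three suites the scan reported


def negotiated_suite(record: bytes) -> dict:
    """Return the version and cipher suite chosen in a ServerHello record."""
    if len(record) < 5:
        raise ValueError("truncated record header")
    ctype, _legacy, rec_len = struct.unpack("!BHH", record[:5])
    if ctype != 22:
        raise ValueError("not a handshake record")
    body = record[5:5 + rec_len]
    if len(body) < rec_len or len(body) < 4 or body[0] != 2:
        raise ValueError("truncated record or not a ServerHello")
    hello = body[4:4 + int.from_bytes(body[1:4], "big")]
    # Layout: server_version(2) random(32) session_id_len(1) session_id cipher_suite(2)
    if len(hello) < 35 or len(hello) < 35 + hello[34] + 2:
        raise ValueError("truncated ServerHello")
    version = struct.unpack("!H", hello[:2])[0]
    off = 35 + hello[34]
    suite = struct.unpack("!H", hello[off:off + 2])[0]
    return {
        "version": version,  # 0x0303 is TLS 1.2
        "suite": SUITES.get(suite, f"unknown 0x{suite:04X}"),
        "flagged": suite in FLAGGED,
    }


def build_sample(suite_id: int) -> bytes:
    """Constructed TLS 1.2 ServerHello record (zeroed random, empty session id)."""
    hello = b"\x03\x03" + bytes(32) + b"\x00" + struct.pack("!H", suite_id) + b"\x00"
    handshake = b"\x02" + len(hello).to_bytes(3, "big") + hello
    return b"\x16\x03\x03" + struct.pack("!H", len(handshake)) + handshake


if __name__ == "__main__":
    for sid in (0x003D, 0x0005):
        print(negotiated_suite(build_sample(sid)))
```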
Posted: Thu Jun 15, 2017 6:02 am

Joined: Mon Feb 24, 2014 11:03 am
Posts: 2175
The developer of SoftEther VPN seems to love backward compatibility.
So SoftEther leaves the old ciphers in as an option.

