Any concerns about SoftEther's implementation of SSTP and the Poodle Vulnerability with SSL 3.0/2.0 ?
thanks!
Poodle Vulnerability and SSTP
-
kapp
- Posts: 3
- Joined: Thu Oct 16, 2014 12:56 pm
Poodle Vulnerability and SSTP
Last edited by kapp on Mon Oct 20, 2014 11:52 pm, edited 1 time in total.
-
ziphead
- Posts: 5
- Joined: Fri Oct 17, 2014 1:45 am
Re: Poodle Vunerability and SSTP
Joining the question. Shall we use l2p or openvpn instead ssl ? Do we need to wait for the security update ?
-
maurer
- Posts: 3
- Joined: Wed Apr 23, 2014 9:46 am
Re: Poodle Vunerability and SSTP
+1
Is SoftetherVPN Vulnerable to Poodle?
Is SoftetherVPN Vulnerable to Poodle?
-
ziphead
- Posts: 5
- Joined: Fri Oct 17, 2014 1:45 am
Re: Poodle Vunerability and SSTP
Poodle can be applied via "man in the middle" attack. So I hope self signed or server signed certificates will protect clients. But I didn't find how to make VPN server manager for windows use only certificates to login(not passwords).
And I'm still not sure if poodle can decrypt all the traffic passing through...
And I'm still not sure if poodle can decrypt all the traffic passing through...
-
kapp
- Posts: 3
- Joined: Thu Oct 16, 2014 12:56 pm
Re: Poodle Vulnerability and SSTP
Apparently SoftEther's SSTP Server (CentOS 6.5) does accept SSLv3.
This command shows SSL3 is AOK:
openssl s_client -connect your.vpnserver.com:443 -ssl3
Is there any way to disable SSLv3 in SoftEther's implementation on a Linux server?
This command shows SSL3 is AOK:
openssl s_client -connect your.vpnserver.com:443 -ssl3
Is there any way to disable SSLv3 in SoftEther's implementation on a Linux server?
-
dnobori
- Posts: 230
- Joined: Tue Mar 05, 2013 10:04 am
-
kapp
- Posts: 3
- Joined: Thu Oct 16, 2014 12:56 pm
Re: Poodle Vulnerability and SSTP
This worked great. Thank you.