Security flaw? Azure ignores default encryption.
Posted: Fri Jan 22, 2016 4:22 pm
After examining the log files at the end of an AZURE session I see that the encryption algorithm I have set in my VPN server is being ignored by Azure. The Ver 4.19 Build 9599 log reports:
2016-01-22 10:15:27.950 SSL communication for connection "CID-7-xxxxxx" has been started. The encryption algorithm name is "RC4-MD5".
2016-01-22 10:15:28.747 SSTP PPP Session [xxxx]: A new PPP session (Upper protocol: SSTP) is started. IP Address of PPP Client: xxxxxx (Hostname: "xxxxxxx"), Port Number of PPP Client: 49315, IP Address of PPP Server: xxxxxxx, Port Number of PPP Server: 1332, Client Software Name: "Microsoft SSTP VPN Client", IPv4 TCP MSS (Max Segment Size): 0 bytes
My server is set to use encryption of DHE-RSA-AES type. Am I missing something in the settings or is rc4-md5 the only algorithm Azure supports?
2016-01-22 10:15:27.950 SSL communication for connection "CID-7-xxxxxx" has been started. The encryption algorithm name is "RC4-MD5".
2016-01-22 10:15:28.747 SSTP PPP Session [xxxx]: A new PPP session (Upper protocol: SSTP) is started. IP Address of PPP Client: xxxxxx (Hostname: "xxxxxxx"), Port Number of PPP Client: 49315, IP Address of PPP Server: xxxxxxx, Port Number of PPP Server: 1332, Client Software Name: "Microsoft SSTP VPN Client", IPv4 TCP MSS (Max Segment Size): 0 bytes
My server is set to use encryption of DHE-RSA-AES type. Am I missing something in the settings or is rc4-md5 the only algorithm Azure supports?