Why are all VPN Gate servers using RC4-MD5 Encryption?!
-
- Posts: 62
- Joined: Tue Mar 17, 2015 7:54 am
Re: Why are all VPN Gate servers using RC4-MD5 Encryption?!
No. The server chooses what cipher it wants to communicate in. There's no cipher preference for SoftEther, which is available for web servers.
-
- Posts: 15
- Joined: Tue Mar 24, 2015 11:45 pm
Re: Why are all VPN Gate servers using RC4-MD5 Encryption?!
I agree with Russtopia. This is pretty egregious. These servers out there are next to worthless if they're running this cipher suite. Even if the GFW can't tell them apart from normal TLS traffic, it's a passive attack that has the potential to leak important authentication cookies. That we're still arguing about this two years later is kind of ridiculous. At least give the clients the ability to list / filter out all servers that run vulnerable cipher suites (which, I guess, is all the currently supported ones at this point. What a mess!)
http://blog.cryptographyengineering.com ... en-in.html
https://www.pentestpartners.com/blog/rc ... d-harmful/
http://www.isg.rhul.ac.uk/tls/RC4mustdie.html
We can do better:
https://tools.ietf.org/html/draft-mavro ... cha-tls-04
https://www.ietf.org/mail-archive/web/t ... 09847.html
https://www.imperialviolet.org/2013/10/07/chacha20.html
also
http://blog.djm.net.au/2013/11/chacha20 ... enssh.html
and
https://blog.cloudflare.com/do-the-chac ... ptography/
https://github.com/cloudflare/sslconfig ... 5_cf.patch