Hello,
I am getting PCI compliance fails at a site that uses SoftEther with OpenVPN. The only port I have forwarded to the SoftEther setup is 1194, and it is giving several security vulnerability warnings related to SSL and TLS 1.0 being available. This is a relatively recent install with new OpenVPN client software installed on the remote machines, so they will support TLS 1.2.
How can I disable SSL and TLS 1.0 / 1.1 for OpenVPN?
Thanks,
Disable SSL / TLS 1.0 in OpenVPN
Re: Disable SSL / TLS 1.0 in OpenVPN
Open your Virtual Hub and open "Edit Config"
Save the config file locally so you can edit it.
Open the file with a text editor.
Search for the following:
bool Tls_Disable1_0 false
bool Tls_Disable1_1 false
bool Tls_Disable1_2 false
bool Tls_Disable1_3 false
Change whichever version you want disabled to true. In my case I've only left 1.3 enabled, and it looks like this:
bool Tls_Disable1_0 true
bool Tls_Disable1_1 true
bool Tls_Disable1_2 true
bool Tls_Disable1_3 false
Save the config.
Go back to "Edit Config" in your virtual hub.
Import File and Apply.
SoftEther Server manager should restart, so make sure nobody is connected.
Selected TLS options should now be disabled.
Hope that helps.
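The config edit described in the steps above can be scripted and checked before the file is imported again. This Python sketch is an added example, not part of the original post and not SoftEther's own tooling; it assumes the exported config contains the four bool Tls_Disable1_x lines as quoted above, and the function names and sample text are constructed for illustration.

```python
import re

# Flag names exactly as they appear in the config lines quoted in the post.
FLAGS = {"1.0": "Tls_Disable1_0", "1.1": "Tls_Disable1_1",
         "1.2": "Tls_Disable1_2", "1.3": "Tls_Disable1_3"}
# Groups: prefix, flag name, separator, value, trailing blanks / CR (kept as-is).
LINE_RE = re.compile(
    r"^([ \t]*bool[ \t]+)(Tls_Disable1_[0-3])([ \t]+)(true|false)([ \t]*\r?)$",
    re.M)


def enabled_versions(config_text):
    """Return the TLS versions whose disable flag is false (still offered)."""
    state = {m.group(2): m.group(4) == "true"
             for m in LINE_RE.finditer(config_text)}
    missing = [flag for flag in FLAGS.values() if flag not in state]
    if missing:
        # Refuse to report "compliant" when a flag could not be found.
        raise ValueError("flags not found in config: " + ", ".join(missing))
    return [ver for ver, flag in FLAGS.items() if not state[flag]]


def harden(config_text, minimum="1.2"):
    """Set the disable flag to true for every version below `minimum`.
    All other lines, indentation and line endings are left untouched."""
    order = list(FLAGS)
    below = {FLAGS[v] for v in order[:order.index(minimum)]}

    def fix(m):
        if m.group(2) in below:
            return m.group(1) + m.group(2) + m.group(3) + "true" + m.group(5)
        return m.group(0)

    return LINE_RE.sub(fix, config_text)


# Constructed sample: the four flag lines from the post plus a made-up
# neighbouring line (ExampleOtherSetting is not a real SoftEther key).
SAMPLE = ("\tbool ExampleOtherSetting false\r\n"
          "\tbool Tls_Disable1_0 false\r\n"
          "\tbool Tls_Disable1_1 false\r\n"
          "\tbool Tls_Disable1_2 false\r\n"
          "\tbool Tls_Disable1_3 false\r\n")

if __name__ == "__main__":
    print("enabled before:", enabled_versions(SAMPLE))
    print("enabled after: ", enabled_versions(harden(SAMPLE)))
```

Running enabled_versions on the file exported after the import confirms the change was applied; a rescan of the forwarded port is still the authoritative check for the compliance report.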