Thursday, April 21, 2016

Insecure VPN?

Today I was reading that 90% of All SSL VPNs are Insecure.

  • 77% of the SSL VPNs still use the insecure SSLv3 or the even less secure SSLv2
  • 76% use an untrusted SSL certificate
  • 74% have an insecure SHA-1 signature
  • 41% use an insecure key length of 1024 for RSA certificates
  • 10% rely on versions of SSL that are still vulnerable to the  Heartbleed attack
If you want to test if your VPN supports SS3, just run the following:

 openssl s_client -connect <server>:<port> -ssl3

If the connection succeeds, sslv3 is enabled. If it fails, it is disabled.

HTH
Brent