VPN TLS Too Weak


#1

GWN7000 with firmware 10.0.9.6
Encryption Algorithm AES-256-CBC
Digest Algorithm SHA256

According to the newest firmware release it should have support for TLS 1.2. I just set up a VPN with 2 clients as a test: 1 laptop and 1 Android 11.

On the laptop I’m using the official OVPN app, current version 3.3.6 (latest), and on the Android it’s version 3.2.5 (latest).

They both connect and work, but it seems like the GWN7000 is using TLS1.0 or below and there is no option to select the TLS version. I would like to use at minimum TLS1.2.

Maybe I made a misconfiguration on the VPN setup, but I did not see any TLS option. Any help or advice is much appreciated.
Thanks
Ralph


#2

According to the F/W release notes TLS 1.2 was added in version 10.0.9.5, but I suspect that it is not just a VPN setting so you may have to look around a bit.

I would look for you, but I removed the few I ever installed a while back.


#3

When I have time I will go at it again. I used the client directive tls-version-min to tls1.1 and tls1.2 and the client gave me a complaint that the server TLS version is too weak, so I changed the client to a minimum of tls1.0 and the connection was successful. For now my Android and laptop will use what TLS is available now.

Thanks
Ralph
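
Added example, not part of any post in this thread: a small audit of an OpenVPN client profile that reports whether the `tls-version-min` directive discussed above enforces a TLS 1.2 floor. The sample profile, the host name `vpn.example.net`, the function names and the "last occurrence wins" handling of repeated directives are assumptions made for illustration.

```python
import re

# Constructed sample client profile (not taken from the thread).
SAMPLE_PROFILE = """\
client
dev tun
remote vpn.example.net 1194 udp
cipher AES-256-CBC
auth SHA256
# tls-version-min 1.0   (commented out, must be ignored)
tls-version-min 1.2
"""

REQUIRED_FLOOR = (1, 2)  # minimum acceptable TLS version: 1.2


def parse_directives(profile_text):
    """Return {directive: [args]}; the last occurrence wins (assumption)."""
    directives = {}
    in_block = False
    for raw in profile_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank line or whole-line comment
        if line.startswith("</"):
            in_block = False  # end of an inline <ca>/<cert>/<key> block
            continue
        if line.startswith("<"):
            in_block = True  # start of an inline block: skip its payload
            continue
        if in_block:
            continue
        tokens = []
        for tok in line.split():
            if tok[0] in "#;":
                break  # trailing comment
            tokens.append(tok)
        directives[tokens[0]] = tokens[1:]
    return directives


def audit_tls_floor(profile_text, required=REQUIRED_FLOOR):
    """Return (status, value): status is 'ok', 'weak', 'unset' or 'invalid'."""
    args = parse_directives(profile_text).get("tls-version-min")
    if not args:
        return ("unset", None)  # floor is left to the client's default
    m = re.fullmatch(r"(\d)\.(\d)", args[0])
    if not m:
        return ("invalid", args[0])
    floor = (int(m.group(1)), int(m.group(2)))
    return ("ok" if floor >= required else "weak", args[0])
```

A profile that passes this check will refuse a server that only offers a lower TLS version, which is the "too weak" complaint described in post #3.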