Sophos XG VPN SSL security is a joke
It uses TLS 1.0 with CBC
- GCM should be the standard default, or at least should be available, not CBC
- TLS 1.2/1.3 should be the standard default, not 1.0/1.1
This is how a serious security company treats this:
- https://www.cisco.com/c/en/us/support/docs/security/email-security-appliance/118518-technote-esa-00.html
- https://support.umbrella.com/hc/en-us/articles/360033350851-End-of-Life-for-TLS-1-0-1-1-
The CBC vulnerability is a vulnerability with TLS v1. This vulnerability has been in existence since early 2004 and was resolved in later versions of TLS v1.1 and TLS v1.2.
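Added example, not part of the original post and not Sophos code: a Python check for the two properties the post asks for, TLS 1.2 or later and a GCM-class (AEAD) cipher instead of CBC. The function names and the sample scan results are constructed for illustration; `probe()` needs a host you administer.

```python
import socket
import ssl

# Protocol labels as reported by Python's SSLSocket.version() and common scanners.
LEGACY_PROTOCOLS = {"SSLv3", "TLSv1", "TLSv1.0", "TLSv1.1"}
# Substrings that identify AEAD suites in both OpenSSL and IANA cipher names.
AEAD_MARKERS = ("GCM", "CCM", "CHACHA20")

def is_aead(cipher_name):
    """True for GCM/CCM/ChaCha20 suites; CBC, RC4 and NULL suites return False."""
    return any(marker in cipher_name.upper() for marker in AEAD_MARKERS)

def audit(protocol, cipher_name):
    """Return the findings for one negotiated (protocol, cipher) pair."""
    findings = []
    if protocol in LEGACY_PROTOCOLS:
        findings.append(f"legacy protocol {protocol}")
    if not is_aead(cipher_name):
        findings.append(f"non-AEAD suite {cipher_name}")
    return findings

def strict_context():
    """Client context that refuses TLS 1.0/1.1 and offers only AEAD suites."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.set_ciphers("ECDHE+AESGCM:ECDHE+CHACHA20")  # TLS 1.3 suites are AEAD already
    return ctx

def probe(host, port=443, timeout=5):
    """Handshake with the strict context; ssl.SSLError means legacy-only server."""
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with strict_context().wrap_socket(raw, server_hostname=host) as tls:
            return tls.version(), tls.cipher()[0]

# Constructed sample results, as a scanner might report them.
SAMPLES = [
    ("TLSv1", "AES128-SHA"),
    ("TLSv1.2", "ECDHE-RSA-AES256-SHA384"),
    ("TLSv1.2", "ECDHE-RSA-AES128-GCM-SHA256"),
    ("TLSv1.3", "TLS_AES_256_GCM_SHA384"),
]

if __name__ == "__main__":
    for proto, cipher in SAMPLES:
        print(proto, cipher, audit(proto, cipher) or "ok")
```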