[CRITICAL] Sophos XG SSL VPN Several vulnerabilities

Question

Sophos XG VPN SSL security is a joke 
 It uses TLS 1.0 with CBC 
 
 GCM should be the standard default or at least should be available not CBC 
 TLS 1.2/1.3 should be the standard default not 1.0/1.1 
 
 This is how a serious security company threat this: 
 
 https://www.cisco.com/c/en/us/support/docs/security/email-security-appliance/118518-technote-esa-00.html 
 https://support.umbrella.com/hc/en-us/articles/360033350851-End-of-Life-for-TLS-1-0-1-1- 
 
 The CBC vulnerability is a vulnerability with TLS v1. This vulnerability has been in existence since early 2004 and was resolved in later versions of TLS v1.1 and TLS v1.2.

LuCar Toni · Accepted Answer

Tested it with V18.0 MR1. Works fine now. 
 
 Tue Apr 14 19:39:14 2020 [10017] ::ffff:Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 2048 bit RSA 
 Used OpenVPN on iOS with Minimum TLS version set to 1.2.

LuCar Toni · Answer

As far as i know, and i am not a Product manager for XG, there are plans to do so. Stay tuned for the future releases. 
 And keep in mind, it is not as easy to update stuff like that. There are many dependencies. Still work in progress to update those modules.