Need Help with SSL-VPN: Sophos only supports AES-CBC but OpenVPN for Android requires AES-GCM (CBC is deprecated)

We have several customers using Android devices and OpenVPN for Android to access their infrastructure remotely via Sophos UTM Gateways.

Since the last update, OpenVPN for Android complains about weak hash algorithms in the UTM self-signed certificates and CA certificate.

This can be fixed by regenerating the SSL signing CA and all certificates. One can use the Heartbleed mitigation how-to to fix this. (BTW, fix the WebAdmin CA, too!)

The bigger problem is that OpenVPN for Android complains about AES-CBC being dropped from the list of supported ciphers. Only AES-GCM ciphers are supported in the latest version.

Unfortunately, UTM 9.709 only supports CBC ciphers.

So please, Sophos, help by adding GCM ciphers for SSL-VPN to the UTM software.

Thank you!



  • What about using another VPN client as an option? You know, anything like that for UTM either won't be installed because they want everyone on XG, or will come into play so far down the road, you would have replaced it already.

    OPNSense 64-bit | Intel Xeon 4-core v3 1225 3.20Ghz
    16GB Memory | 500GB SSD HDD | ATT Fiber 1GB
    (Former Sophos UTM Veteran, Former XG Rookie)