We have several customers using Android devices and OpenVPN for Android to access their infrastructure remotely via Sophos UTM Gateways.
Since the last update, OpenVPN for Android complains about weak hash algorithms in UTM self signed certificates and CA-certificate.
This can be fixed with regenerating the SSL signing CA and all Certificates. One can use the heartbleed mitigation howto to fix this. (BTW, fix WEBadmin CA, too !).
The bigger problem is, that OpenVPN for Android complains about the AES-CBC being droped from the list of supported ciphers. Only AES-GCM ciphers are supported in the latest version.
Unfortionately, UTM 9.709 only supports CBC ciphers.
So please Sophos, help with adding GCM ciphers for SSL-VPN to UTM software.
Thank you !
This thread was automatically locked due to age.