SSTP outdated in 2018?

msatter · March 25, 2018, 1:09pm

I was looking for an VPN provider and I was looking for one which also offer SSTP because the OVPN-client solution is not support as it is now.

I found one however they did not offer SSTP any more because the following reason: “SSTP protocol is no longer supported by XYZVPN and will not be supported in the future due to being old, outdated and not secure.”

Is SSTP indeed outdated as they say? That IPSEC is not absolutely safe and the NSA can read it (rumoured) is not a reason for me not to use it.

CZFan · March 25, 2018, 1:51pm

Maybe they meant to say PPTP, as far as my knowledge goes, SSTP is very secure

ArushMann · March 25, 2018, 2:10pm

SSTP is not outdated and it is the most secure VPN protocol equivalent to OpenVPN. Infact SSTP can work where openvpn may not work due to its SSL nature. You must have misunderstood SSTP with PPTP. You can read more about PPTP and OpenVPN comparison here

msatter · March 25, 2018, 4:57pm

They still support PPTP so I think it is not a mistake by them.

CZFan · March 25, 2018, 5:26pm

Then maybe they don’t know what they are doing, PPTP is way older and way more less secure

Maybe send them a mail or log a call with them and ask out about it

Sob · March 25, 2018, 5:47pm

SSTP connection starts as HTTPS connection, i.e. it needs to initialize TLS first, then it sends HTTP-like request and then it’s switched to SSTP. The established TLS channel is kept, so if this shouldn’t be secure, then no HTTPS connection would be secure either.