Community discussions

MikroTik App
 
Mirraz
just joined
Topic Author
Posts: 1
Joined: Mon Oct 25, 2021 12:24 pm

SSTP-client uses unsafe ciphers

Mon Oct 25, 2021 2:57 pm

Hello everyone. I configuring SSTP connection from mikrotik (RouterOS version 6.48.4) to my SSTP-server. But mikrotik can only use SHA1 in SSTP since in TLS-packet "Client Hello" it suggests only these Cipher Suites:
TLS_RSA_WITH_RC4_128_SHA
TLS_RSA_WITH_AES_256_CBC_SHA
SHA1 considered unsafe worldwide. But if I disable SHA1 on SSTP-server then mikrotik will not connect to it. So can I configure TLS Cipher Suites for SSTP-client on mikrotik?
Last edited by Mirraz on Mon Oct 25, 2021 6:10 pm, edited 1 time in total.
 
tdw
Forum Guru
Forum Guru
Posts: 1843
Joined: Sat May 05, 2018 11:55 am

Re: SSTP-client uses unsafe ciphers

Mon Oct 25, 2021 4:20 pm

Whilst it would be really good if Mikrotik supported something better for the SSTP client & server the use of SHA1 for the cipher HMAC is still OK - it should only not be used for digital signatures. See https://nvlpubs.nist.gov/nistpubs/Speci ... 7pt1r5.pdf table 3 on page 56.
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 19099
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: SSTP-client uses unsafe ciphers

Mon Oct 25, 2021 6:41 pm

Hmm I am using SSTP with winbox remote and select MSCHAP2, TLS only 1.2.
No certificates though.

Would be happier if there are better options than MSCHAP2 or TLS1.2 I am all for it.
What buts me is that they (winbox remote) dont have PFS as an option I can use, even though its available on the MT SSTP page.
 
tdw
Forum Guru
Forum Guru
Posts: 1843
Joined: Sat May 05, 2018 11:55 am

Re: SSTP-client uses unsafe ciphers

Mon Oct 25, 2021 11:08 pm

If you don't use certificates anyone can perform a man-in-the-middle attack.

MSCHAPv2 is OK in a validated TLS tunnel - the tunneled traffic is not accessible to others to snoop on the handshake which is required to recover the NTLM hash. With SSTP the session keys generated during MSCHAPv2, or various EAP methods, are used to protect against various attacks. Authentication which does not generate these keys (e.g. PAP, CHAP) is not recommended.

I've not looked at the newer Winbox transport, you would hope it uses PFS by default.
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 19099
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: SSTP-client uses unsafe ciphers

Mon Oct 25, 2021 11:52 pm

If you don't use certificates anyone can perform a man-in-the-middle attack.

MSCHAPv2 is OK in a validated TLS tunnel - the tunneled traffic is not accessible to others to snoop on the handshake which is required to recover the NTLM hash. With SSTP the session keys generated during MSCHAPv2, or various EAP methods, are used to protect against various attacks. Authentication which does not generate these keys (e.g. PAP, CHAP) is not recommended.

I've not looked at the newer Winbox transport, you would hope it uses PFS by default.
Hi TDW if you get a chance please check it out. They have a free version for one tunnel connection. I would really like your assessment for its use as a home solution (not a business solution).

Who is online

Users browsing this forum: godel0914, GoogleOther [Bot], MaxwellsEq, onnyloh and 90 guests