02-21-2014 07:35 AM - edited 03-11-2019 08:48 PM
Hi guys,
We currently are starting to change our remote access to SSL VPN. During testing I have noticed that XP will not work with the stronger encryption methods. It seems that it needs one out of the two out of RC4-SHA1 or 3DES-SHA1.
I have had a look around but cant find real definitive answers. Could you guys give me some tips of advantages and disadvantages of the two or let me know if i should just steer well clear of allowing these encryption methods to be used on our firewall.
Thanks for all your help,
MJ
Solved! Go to Solution.
02-24-2014 08:29 AM
RC4 has enough known weaknesses that the official advice from Microsoft, Cisco etc. is to stop using it; toss it in the same dustbin as MD5. E.g.
So if you can't get clients to do something modern like AES-GCM and TLS 1.2, I'd go with the 3DES-SHA1.
-- Jim Leinweber, WI State Lab of Hygiene
02-24-2014 08:29 AM
RC4 has enough known weaknesses that the official advice from Microsoft, Cisco etc. is to stop using it; toss it in the same dustbin as MD5. E.g.
So if you can't get clients to do something modern like AES-GCM and TLS 1.2, I'd go with the 3DES-SHA1.
-- Jim Leinweber, WI State Lab of Hygiene
02-25-2014 12:44 AM
Thanks James for the info, we are going to stick with 3DES-SHA1 for the next few months until XP support is dropped in June 2014.
Much appreciated,
MJ
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide